Virtual Domains and TLS

nodens2099 nodens2099 at
Mon Dec 14 05:10:43 EST 2009

On 14/12/2009 09:10, Michael Menge wrote:
> Quoting Nybbles2Byte <nybbles2byte at>:
>> Hello,
>> Is there a way to have the "tls_..." options in the imap.conf file
>> work for multiple domains so that as many virtual domains as you want
>> can authenticate without the client software popping up warnings like
>> "certificate does not match this server" ?
> It depends on your problem. If these virtual domains are all subdomains
> of one domain you can use wildcard domains. If there are few virtual
> domains and they don't change too often you can try the subject alternate
> name attribute.
> For https the problem is solved by server name indication. But the server
> and client have to support this. And it would surprise me if there are
> any IMAP servers or clients that support server name indication.

If the above solutions (subjectAltName, wildcard) are not acceptable for
you, your best bet is probably to use several imapd listener processes,
each with its own IP address and imapd.conf.

What I would do, however, is use the same name for all customers when 
they want to connect using SSL/TLS, and the virtual domain ID would be 
determined from the user id.
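
Added example, not part of the original post: a check of which client-facing hostnames a wildcard or subjectAltName certificate would actually cover, using the usual matching rule that "*" is only honoured as the entire left-most label and stands for exactly one label. All hostnames and certificate entries are constructed for illustration.

```python
# Added example: every name below is a constructed sample, not from the thread.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """Return True if a certificate name entry covers the hostname.

    A wildcard is accepted only as the whole left-most label and matches
    exactly one label; partial wildcards such as 'f*.example.com' are
    treated as literals and therefore never match a real hostname.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # '*.example.com' covers neither 'example.com' nor 'a.b.example.com'
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard, rejecting e.g. '*.com'
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hostnames):
    """Hostnames for which a client would report a certificate mismatch."""
    return [h for h in hostnames
            if not any(san_matches(n, h) for n in cert_names)]


# Constructed certificate contents for the two approaches discussed above
WILDCARD_CERT = ["*.example.com"]
SAN_CERT = ["imap.example.com", "imap.example.net", "imap.example.org"]

# Constructed names that customers of different virtual domains connect to
CLIENT_HOSTNAMES = [
    "imap.example.com", "mail.example.com", "example.com",
    "imap.example.net", "imap.customer.example.org",
]

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("subjectAltName", SAN_CERT)):
        print(label, "-> mismatch warnings for:", uncovered(cert, CLIENT_HOSTNAMES))
```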


More information about the Info-cyrus mailing list