Virtual Domains and TLS
nodens2099
nodens2099 at gmail.com
Mon Dec 14 05:10:43 EST 2009
On 14/12/2009 09:10, Michael Menge wrote:
> Quoting Nybbles2Byte <nybbles2byte at gmail.com>:
>
>> Hello,
>>
>> Is there a way to have the "tls_..." options in the imap.conf file
>> work for multiple domains so that as many virtual domains as you want
>> can authenticate without the client software popping up warnings like
>> "certificate does not match this server" ?
>>
>
> It depends on your Problem. If these virtual domains are all subdomains
> of one domain you can use wildcard domains. If there are few virtual
> domains and they don't change to often you can try the subject alternate
> name attribute.
>
> For https the Problem is solved by server name indication. But the server
> and client have to support this. And it would suprise me if there are
> any IMAP server or clients that support server name indication.
>
If the above solutions (subjectAltName, wildcard) is not acceptable for
you, your best bet is probably to use several imapd listener processes,
each with its own IP address and imapd.conf.
What I would do, however, is use the same name for all customers when
they want to connect using SSL/TLS, and the virtual domain ID would be
determined from the user id.
Cheers,
More information about the Info-cyrus
mailing list