Multiple SSL Certs with virtual domains?
Scott Lambert
lambert at lambertfam.org
Thu Jan 21 04:35:20 EST 2010

I am about to bring up the second of several virtual domains on my
Cyrus-IMAPd 2.3.15 installation.  I've been Googling but can't seem
to come up with a useful search string for finding posts talking
about using multiple secure certificates for POP/IMAP connections to
mail.domain1.com and mail.domainN.com.  We are rolling up multiple small
mail servers into one host.

The only thing I've been able to figure is that I will need to at least
have multiple imapd-domainX.conf files and have multiple pop3(s)/imap(s)
lines in cyrus.conf for each domain so that the secure certs can match
the hostname configured in the user's existing mail program.

Is there a more elegant method than something like the below plan?

SERVICES {
  # add or remove based on preferences
  # each service name must be unique within SERVICES
  imapdomain1   cmd="imapd -C imapd-domain1.conf" listen="mail.domain1.com:imap"
  imapsdomain1  cmd="imapd -s -C imapd-domain1.conf" listen="mail.domain1.com:imaps"
  pop3domain1   cmd="pop3d -C imapd-domain1.conf" listen="mail.domain1.com:pop3"
  pop3sdomain1  cmd="pop3d -s -C imapd-domain1.conf" listen="mail.domain1.com:pop3s"
  imapdomain2   cmd="imapd -C imapd-domain2.conf" listen="mail.domain2.com:imap"
  imapsdomain2  cmd="imapd -s -C imapd-domain2.conf" listen="mail.domain2.com:imaps"
  pop3domain2   cmd="pop3d -C imapd-domain2.conf" listen="mail.domain2.com:pop3"
  pop3sdomain2  cmd="pop3d -s -C imapd-domain2.conf" listen="mail.domain2.com:pop3s"
  ...
  imapdomainN   cmd="imapd -C imapd-domainN.conf" listen="mail.domainN.com:imap"
  imapsdomainN  cmd="imapd -s -C imapd-domainN.conf" listen="mail.domainN.com:imaps"
  pop3domainN   cmd="pop3d -C imapd-domainN.conf" listen="mail.domainN.com:pop3"
  pop3sdomainN  cmd="pop3d -s -C imapd-domainN.conf" listen="mail.domainN.com:pop3s"
  sieve         cmd="timsieved" listen="sieve" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}

Where imapd.conf has my current imapd.conf contents but the
tls_cert_file: and tls_key_file: variables have been ripped out and
imapd-domainX.conf is:
-------------------------------------------------------------
@include: imapd.conf
tls_cert_file: /pathtocert/domainX.crt
tls_key_file: /pathtokey/domainX.key
-------------------------------------------------------------
-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert at lambertfam.org
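
A lint for the per-domain plan above, as an added example that is not part of the original post: it parses a SERVICES block, flags service names that repeat (master requires them to be unique), and flags a listen hostname whose entries point at different -C files, which would mean one hostname presenting two certificates. The sample config, the function names and the service names in it are constructed for illustration.

```python
import re
import shlex
from collections import Counter

# Constructed sample modelled on the plan in the post; the last imaps line
# was copy-pasted from domain1 and only half edited.
SAMPLE = '''
SERVICES {
  # add or remove based on preferences
  imapdomain1   cmd="imapd -C imapd-domain1.conf"    listen="mail.domain1.com:imap"
  imapsdomain1  cmd="imapd -s -C imapd-domain1.conf" listen="mail.domain1.com:imaps"
  imapdomain2   cmd="imapd -C imapd-domain2.conf"    listen="mail.domain2.com:imap"
  imapsdomain1  cmd="imapd -s -C imapd-domain1.conf" listen="mail.domain2.com:imaps"
  sieve         cmd="timsieved" listen="sieve" prefork=0
}
'''

ENTRY = re.compile(r'^\s*(\w+)\s+(.*)$')
ARG = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_services(text):
    """Return [(name, {arg: value})] for entries inside SERVICES { ... }."""
    body = re.search(r'SERVICES\s*\{(.*?)\}', text, re.S)
    entries = []
    for line in (body.group(1) if body else '').splitlines():
        m = ENTRY.match(line.split('#', 1)[0])   # drop comments
        if m:
            args = {k: v.strip('"') for k, v in ARG.findall(m.group(2))}
            entries.append((m.group(1), args))
    return entries

def lint(text):
    """Flag duplicate service names and hosts served from more than one -C file."""
    entries = parse_services(text)
    problems = [f"duplicate service name: {name}"
                for name, n in Counter(e[0] for e in entries).items() if n > 1]
    conf_by_host = {}
    for _, args in entries:
        # "host:port" -> host; a bare port or a UNIX socket path yields no host
        host = args.get('listen', '').rpartition(':')[0]
        argv = shlex.split(args.get('cmd', ''))
        conf = argv[argv.index('-C') + 1] if '-C' in argv[:-1] else None
        if host and conf:
            conf_by_host.setdefault(host, set()).add(conf)
    for host, confs in sorted(conf_by_host.items()):
        if len(confs) > 1:
            problems.append(f"{host} uses several configs: {sorted(confs)}")
    return problems

if __name__ == '__main__':
    print('\n'.join(lint(SAMPLE)) or 'no problems found')
```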