Hello,
is possible in some way use on each ip address different certificate
(for imap, for pop3). There are options like (but that is not enough
for me):
protocol imap {
listen = *:10143
ssl_listen = *:10943
..
}
protocol pop3 {
listen = *:10100
..
}
I have server for 4 domains (each has own ip address), so i need bind
one ip address to one domain to one certificate(each certificate
contains name of domain):
domain1.tld (x.x.x.100) -> certificate domain1.tld.pem
domain2.tld (x.x.x.101) -> certificate domain2.tld.pem
domain3.tld (x.x.x.102) -> certificate domain3.tld.pem
domain4.tld (x.x.x.103) -> certificate domain4.tld.pem
Or i must run different instances of dovecot ? (using other config) ?
Thank you for advices.
--
Lampa
On Tue, 2008-02-26 at 19:51 +0100, Lampa wrote:> is possible in some way use on each ip address different certificateUnfortunately not. Probably will have to wait until v2.0. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20080226/7ab7d1de/attachment-0002.bin>
Hello, so it's possible to do it in other way ? Starting dovecot with different config (bind different ip adress and different certificates) ? Is possible with -c option. If is possible what must change in config (will be base_dir enough, or will be problem that other directives stay same for all hosts - executables, options for logging, ...) ? Thank you. 2008/2/26, Timo Sirainen <tss at iki.fi>:> On Tue, 2008-02-26 at 19:51 +0100, Lampa wrote: > > is possible in some way use on each ip address different certificate > > > Unfortunately not. Probably will have to wait until v2.0. > > >-- Lampa
Hello, i just tested imaps with 5 altnames in ms outlook and works ok (problem was unknown CA). Kmail seems working too. But need more testing. There will be some "old" clients which will not support this feature. I found http://wiki.cacert.org/wiki/VhostTaskForce where is lot explained. 2008/2/27, Steffen Kaiser <skdovecot at smail.inf.fh-bonn-rhein-sieg.de>:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Tue, 26 Feb 2008, Jose Celestino wrote: > > > It is possible to get a certificate with a "Subject Alternative Names" > > containing the various hostnames pointing to the same machine. > > > I have very poor experience with such certificates in both https and > imaps. > > Bye, > > - -- > Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFHxRNXVJMDrex4hCIRAu4gAKDOxj3erDVcjJNfAxOsvZoxmH8YfgCg2Qk9 > e7Lpg+CSihGqHIi03ZU2m/I> =rfxy > -----END PGP SIGNATURE----- >-- Lampa