dovecot - Jul 2005 - separate SSL certificates for pop3s and imaps

Hi,

I'm migrating a uw-imap installation to dovecot. With uw-imap I had
different SSL certificates and keys for ipop3d and imapd. How can I
configure dovecot to do the same with its pop3s and imaps services?

Thanks in advance,
-- 
_________________________creating IT solutions
Michael Weiser           science + computing ag
bei Eisenbahn und Haefen
Postfach 11 02 63        Hagellocher Weg 71-75
47142 Duisburg           72070 Tuebingen, Germany
phone +49 203 52 26341   www.science-computing.de

On Thu, Jul 07, 2005 at 08:58:35PM +0300, dovecot-request at dovecot.org
wrote:
> Hi,
> 
> I'm migrating a uw-imap installation to dovecot. With uw-imap I had
> different SSL certificates and keys for ipop3d and imapd. How can I
> configure dovecot to do the same with its pop3s and imaps services?
i run dovecot in a multihomed server with three different names:

mail.foo.edu
smtp.foo.edu
imap.foo.edu

which, for ssl purposes, means we need three different certs to
keep applications happy.  my approach is to start a seperate
dovecot process for each address, and manage the configuration
in three seperate files, each one telling dovecot to specifically
bind to only one address, and use a seperate runtime directory
specific to that address.  so for example, in my initscript, instead
of just doing something like:

start() {
        echo -n $"Starting $prog: "
	daemon $prog -c /etc/dovecot.conf
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}

i do something like:

start() {
        echo -n $"Starting $prog: "
        for s in imap mail smtp; do
                mkdir -p /var/run/dovecot/${s}.foo.edu
                daemon $prog -c /etc/dovecot/${s}.foo.edu.conf
        done
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}

where the value of the ssl cert config is different in each of the
files.  you could extend this to also have one config file to only
listen for pop and the other only for imap.

 
hth,
	sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20050707/ae605398/attachment-0001.bin>

On Thu, 2005-07-07 at 13:17 +0200, Michael Weiser wrote:
> I'm migrating a uw-imap installation to dovecot. With uw-imap I had
> different SSL certificates and keys for ipop3d and imapd. How can I
> configure dovecot to do the same with its pop3s and imaps services?
I think with 1.0-stable/tests you should be able to move ssl_* settings
inside protocol imap/pop3 blocks.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20050712/92a3cc2c/attachment-0001.bin>

On Tue, Jul 12, 2005 at 05:05:17PM +0300, Timo Sirainen wrote:
> > I'm migrating a uw-imap installation to dovecot. With uw-imap I
had
> > different SSL certificates and keys for ipop3d and imapd. How can I
> > configure dovecot to do the same with its pop3s and imaps services?
> I think with 1.0-stable/tests you should be able to move ssl_* settings
> inside protocol imap/pop3 blocks.
Thanks. It's already running for me with test76. Vincent Jaussaud asked
if it would also work with 1.0-stable which I couldn't answer due to
lack of testing. From your mail I'd infer that it would.

Thanks,
-- 
_________________________creating IT solutions
Michael Weiser           science + computing ag
bei Eisenbahn und Haefen
Postfach 11 02 63        Hagellocher Weg 71-75
47142 Duisburg           72070 Tuebingen, Germany
phone +49 203 52 26341   www.science-computing.de