Andreas Schulze
2010-Feb-09 07:38 UTC
[Dovecot] dovecot2 Beta2: different certs for imaps and pop3s
Hello,
is it possible to use differnent ssl certs for pop3 and imap ?
I like to have differnet dnsnames for pop3 an imap services configured at
customers clients.
I tried to configure ssl_key and ssl_cert inside a <protocol>-login {}
section
but this failed.
Of course I know sslcerts containing multiple dnsnames.
But this seemes not a real, clean solution to me.
Thanks,
Andreas
--
Andreas Schulze
Internetdienste | P532
DATEV eG
90329 N?rnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 N?rnberg, Paumgartnerstr. 6-14 | Registergericht N?rnberg, GenReg
Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
J?rg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: GnuPG-Signatur.asc
Type: application/pgp-signature
Size: 315 bytes
Desc: digitale Signatur dieser Nachricht von Andreas Schulze
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20100209/9ca73d8f/attachment-0002.bin>
Timo Sirainen
2010-Feb-09 13:58 UTC
[Dovecot] dovecot2 Beta2: different certs for imaps and pop3s
On 9.2.2010, at 9.38, Andreas Schulze wrote:> I tried to configure ssl_key and ssl_cert inside a <protocol>-login {} section > but this failed.Just remove the -login from the protocol. imap-login is a process/binary, imap is the protocol.
Andreas Schulze
2010-Feb-25 06:28 UTC
[Dovecot] dovecot2 Beta2: different certs for imaps and pop3s (SOLVED)
Hallo again.
the problem with different certs is solved.
( tested with dovecot2.Beta3 )
there are multiple solutions:
(hopefully without typos)
Solution 1
--------------------------
ssl = yes
ssl_cert = <IMAP-cert.pem
ssl_key = <IMAP-key.pem
protocol pop3 {
ssl_cert = <POP3-cert.pem
ssl_key = <POP3-key.pem
}
--- snap
In this case *always* the IMAP-Cert is used except for pop3.
Maybe LMTP will be ssl capable someday, so LMTP would implicit use the
IMAP-cert.
This may introduce unwanted effects.
Solution 2
---------------------------
ssl = no
protocol imap {
ssl = yes
ssl_cert = <IMAP-cert.pem
ssl_key = <IMAP-key.pem
}
protocol pop3 {
ssl = yes
ssl_cert = <POP3-cert.pem
ssl_key = <POP3-key.pem
}
--- snap
this is a more logical Solution to me.
Important:
In both cases dovecot -n does *not* show any protocol {} Sections...
--
Andreas Schulze
Internetdienste | P532
DATEV eG
90329 N?rnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 N?rnberg, Paumgartnerstr. 6-14 | Registergericht N?rnberg, GenReg
Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
J?rg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: GnuPG-Signatur.asc
Type: application/pgp-signature
Size: 315 bytes
Desc: digitale Signatur dieser Nachricht von Andreas Schulze
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20100225/bdea884a/attachment-0002.bin>