[Dovecot] SSL Certificates and multiple domain names

Marcus Rueckert rueckert at informatik.uni-rostock.de
Thu Jul 15 00:22:41 EEST 2004


On 2004-07-15 00:11:36 +0300, Timo Sirainen wrote:
> >Am Mittwoch, 14. Juli 2004 20:34 schrieb Daniel L. Miller:
> >>How can I have Dovecot either return a different certificate for each
> >>domain/hostname or a certificate that supports multiple names?  I
> >
> >Not at all, AFAIK, but that's a limitation of SSL / X.509 certificates 
> >and
> >none of Dovecot.
> 
> Dovecot could support different certificates based on local or remote 
> IPs. ssl_cert_file and ssl_key_file could contain %l and %r variables. 
> That would require some changes though. Currently login process 
> initializes SSL and chroots itself then. Per-IP certificates would 
> require dropping privileges only after connection has been accepted, so 
> right certificate files could be opened.
> 
> I don't think it's worth the trouble. At least not yet.

how about binding dovecot to the specific ip and use a different cert
foreach dovecot instance.

btw: will there kind of ip based vhosting within a single dovecot
instance?

darix

-- 
irssi - the client of the smart and beautiful people

              http://www.irssi.de/



More information about the dovecot mailing list