[Dovecot] SSL Certificates and multiple domain names

Timo Sirainen tss at iki.fi
Sun Jul 18 16:16:06 EEST 2004


On Thu, 2004-07-15 at 00:22, Marcus Rueckert wrote:
> > Dovecot could support different certificates based on local or remote 
> > IPs. ssl_cert_file and ssl_key_file could contain %l and %r variables. 
> > That would require some changes though. Currently login process 
> > initializes SSL and chroots itself then. Per-IP certificates would 
> > require dropping privileges only after connection has been accepted, so 
> > right certificate files could be opened.
> > 
> > I don't think it's worth the trouble. At least not yet.
> 
> how about binding dovecot to the specific ip and use a different cert
> foreach dovecot instance.
> 
> btw: will there kind of ip based vhosting within a single dovecot
> instance?

1.0-tests support "virtual servers", where this is possible:

server foo {
  listen = 1.2.3.4
  ssl_cert_file = /etc/ssl/certs/foo.cer
}

server bar {
  listen = 1.2.3.5
  ssl_cert_file = /etc/ssl/certs/bar.cer
}

But it creates separate login processes for each server, so it'd be
nicer if each login process just listened in all interfaces and just
selected the certificate based on what IP the client connected to.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20040718/22e3208e/attachment.pgp


More information about the dovecot mailing list