[Dovecot] Re: separate SSL certificates for pop3s and imaps
Vincent Jaussaud
tatooin at kelkoo.com
Fri Jul 8 17:08:51 EEST 2005
On Thu, 2005-07-07 at 15:37 -0400, sean finney wrote:
> On Thu, Jul 07, 2005 at 08:58:35PM +0300, dovecot-request at dovecot.org wrote:
> > Hi,
> >
> > I'm migrating a uw-imap installation to dovecot. With uw-imap I had
> > different SSL certificates and keys for ipop3d and imapd. How can I
> > configure dovecot to do the same with its pop3s and imaps services?
>
I actually have exactly the same problem; and I'm waiting for the final
1.0 release in the hope it will be addressed.
Is this still a planned feature ?
Thanks !
Vincent.
> i run dovecot in a multihomed server with three different names:
>
> mail.foo.edu
> smtp.foo.edu
> imap.foo.edu
>
> which, for ssl purposes, means we need three different certs to
> keep applications happy. my approach is to start a seperate
> dovecot process for each address, and manage the configuration
> in three seperate files, each one telling dovecot to specifically
> bind to only one address, and use a seperate runtime directory
> specific to that address. so for example, in my initscript, instead
> of just doing something like:
>
> start() {
> echo -n $"Starting $prog: "
> daemon $prog -c /etc/dovecot.conf
> RETVAL=$?
> echo
> [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
> return $RETVAL
> }
>
> i do something like:
>
> start() {
> echo -n $"Starting $prog: "
> for s in imap mail smtp; do
> mkdir -p /var/run/dovecot/${s}.foo.edu
> daemon $prog -c /etc/dovecot/${s}.foo.edu.conf
> done
> RETVAL=$?
> echo
> [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
> return $RETVAL
> }
>
> where the value of the ssl cert config is different in each of the
> files. you could extend this to also have one config file to only
> listen for pop and the other only for imap.
>
>
> hth,
> sean
Vincent Jaussaud, Kelkoo.com IT Architect --- There may be said to be
two classes of people in the world; those who constantly divide the
people of the world into two classes and those who do not. -- Robert
Benchley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20050708/1e44cc5d/attachment-0001.pgp
More information about the dovecot
mailing list