[Dovecot] One dovecot, multiple domains
Ben
bench at silentmedia.com
Wed Feb 15 21:13:31 EET 2006
My (also limited, but growing) understanding of a server cert is that you can
bind it either to an IP address or to a FQDN. I could just bind it to the IP
address, and as long as I only used a single IP address for my imap server
(likely) then I'd be okay....... EXCEPT that I'm cheap, and plan to self-sign
the CA for all my domains.
That's not so much a problem for my users, so long as they see that the cert for
mail.foo.com was signed by the foo.com CA. But because I'll have one CA for each
domain, I'll again need multiple certs. Which implies that dovecot needs some
way to choose which one to use, for each login.
On Wed, 15 Feb 2006, Charles Marcus wrote:
> Ben wrote:
>> Hey guys, I've got dovecot configured to work perfectly for virtual users
>> across different domains. It's great.
>>
>> My problem is that, as far as I can tell, dovecot makes me use one SSL
>> certificate across all my domains. That's not what I want. Is there a way I
>> can get dovecot to use the cert for mail.foo.com when somebody is logging
>> into a foo.com account, and the cert for mail.bar.com when somebody is
>> logging into a bar.com account?
>>
>> Am I missing something obvious, or asking the impossible?
>
> My (admittedly very limited) understanding of how SSL certs work is, one
> cert is bound to one URL/IP address combination - which means you cannot use
> public certs for hosts that are served on the same IP address. So, you'd have
> to be serving the IMAP connections for each domain on separate IP addresses -
> OR - use a blanket self-signed wildcard cert (basically, *.* as the FQDN),
> although I don't know how good of an idea that is.
>
> --
>
> Best regards,
>
> Charles
>