[Dovecot] One dovecot, multiple domains
Charles Marcus
CMarcus at Media-Brokers.com
Thu Feb 16 16:29:59 EET 2006
Ben wrote:
> My (also limited, but growing) understanding of a server cert is that
> you can bind it either to an IP address or to a FQDN. I could just bind
> it to the IP address, and as long as I only used a single IP address for
> my imap server (likely) then I'd be okay....... EXCEPT that I'm cheap,
> and plan to self-sign the CA for all my domains.
What does that have to do with it? You can still self-sign the cert
using just the IP as the CN.
> That's not so much a problem for my users, so long as they see that the
> cert for mail.foo.com was signed by the foo.com CA.
But that's just it - if you bind the cert to the IP, they won't see
'mail.foo.com', they'll see the IP address - and they will have to use
the IP address for their 'Incoming Mail Server' setting in their MUA as
well.
> But because I'll have one CA for each domain, I'll again need
> multiple certs. Which implies that dovecot needs some way to choose
> which one to use, for each login.
If you want your users to actually see the cert for mail.foo.com is from
foo.com CA, then I think your only option is to bind multiple IP
addresses to the NIC, and use a different IP for each customer. You
could still self-sign them, but at least they'd see the desired CN and CA.
--
Best regards,
Charles
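
The one-IP-per-customer setup discussed in this thread, as an added example that is not part of the original message: a small model in which the server picks a cert by the local IP the client connected to, and the client compares its configured 'Incoming Mail Server' value with the cert's CN. The IPs, the bar.com and baz.com entries, and all function names are constructed for illustration; matching is simplified to the CN only, as in the thread.

```python
import ipaddress

# Constructed sample data: documentation-range IPs, one per customer domain.
CERTS_BY_LOCAL_IP = {
    "192.0.2.10": {"cn": "mail.foo.com", "issuer": "foo.com CA"},
    "192.0.2.11": {"cn": "mail.bar.com", "issuer": "bar.com CA"},
    "192.0.2.12": {"cn": "192.0.2.12", "issuer": "baz.com CA"},  # cert bound to the IP
}
# Constructed stand-in for DNS: what each customer's mail host resolves to.
DNS = {
    "mail.foo.com": "192.0.2.10",
    "mail.bar.com": "192.0.2.11",
    "mail.baz.com": "192.0.2.12",
}

def is_ip(name):
    """True if the string parses as an IPv4/IPv6 address literal."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def select_cert(local_ip):
    """Server side: choose the cert by the local address the client reached."""
    return CERTS_BY_LOCAL_IP[local_ip]

def name_matches(configured_server, cert_cn):
    """Client side: does the MUA's server setting match the cert's CN?"""
    if is_ip(configured_server) or is_ip(cert_cn):
        # An IP only matches the same IP; a hostname never matches an IP CN.
        return (is_ip(configured_server) and is_ip(cert_cn) and
                ipaddress.ip_address(configured_server) == ipaddress.ip_address(cert_cn))
    return configured_server.rstrip(".").lower() == cert_cn.rstrip(".").lower()

def connect(configured_server):
    """Resolve the MUA setting, fetch that IP's cert, report what the user sees."""
    ip = configured_server if is_ip(configured_server) else DNS[configured_server]
    cert = select_cert(ip)
    return {"cn": cert["cn"], "issuer": cert["issuer"],
            "name_ok": name_matches(configured_server, cert["cn"])}

if __name__ == "__main__":
    for setting in ("mail.foo.com", "mail.bar.com", "mail.baz.com", "192.0.2.12"):
        print(setting, connect(setting))
```
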