[Dovecot] Multiple certificates

Gerhard Wiesinger lists at wiesinger.com
Tue Oct 31 07:10:45 UTC 2006


I tried:

server intern
{
   listen = 192.168.0.2
   ssl_cert_file = /etc/pki/dovecot/dovecot.pem
}

server extern
{
   listen = 1.2.3.4
   ssl_cert_file = /etc/pki/dovecot/dovecot-extern.pem
}

I get Error: Error in configuration file /etc/dovecot.conf line 19: 
Expecting '=' (the line with server). I also tried group instead of 
server.

Is the feature removed from 1.0 series?

What's wrong? I use 1.0rc10.

Thank you for the answer.

Ciao,
Gerhard

--
http://www.wiesinger.com/


On Mon, 30 Oct 2006, Steffen Kaiser wrote:

> On Thu, 26 Oct 2006, Phill Edwards wrote:
>
>> I have dovecot version 1.0 release 0.beta8.2.fc5 installed on my FC5
>> linux box. It acts as an IMAP server to my home LAN. I connect to it
>> from the home PCs over SSL and have installed a certificate in the
>> domain imap.edwards.home to enable this.
>
> Hmm, UW-Imap does support only one certificate, too, hence, I'm puzzled why 
> it did work before.
>
>> Login failure: Certificate failure for XXX.homelinux.com: self signed 
>> certificate: /C=AU/ST=NSW/L=Sydney/O=Edwards/OU=IMAP 
>> server/CN=imap.edwards.home/emailAddress=philledwards at gmail.com
>
> Which side gives you this error? Dovecot or xs2mail.com?
> IMHO: The error looks like the "self signed" part is the problem. You 
> probably need to store the public certificate on xs2mail.com, in order that the 
> server can validate it.
> Do you use the _same_ certificate with Dovecot as with UW-Imap? This should 
> give you the same situation as before.
>
>> <snip>
>> 1.0-tests support "virtual servers", where this is possible:
>> 
>> server foo {
>> listen = 1.2.3.4
>> ssl_cert_file = /etc/ssl/certs/foo.cer
>> }
>> 
>> server bar {
>> listen = 1.2.3.5
>> ssl_cert_file = /etc/ssl/certs/bar.cer
>> }
>> </snip>
>> 
>> Can anyone help me figure this out?
>
> Give your server two IP addresses, then bind a Dovecot with certificate 
> foo.cer on one address, and a Dovecot with bar.cer on the other one.
>
> Because SSL is implemented as a tunnel and no symbolic IP name information is 
> passed in IMAP, you can have only one certificate per IP address at maximum. 
> However, most OSes allow you to bind several IP addresses to one physical 
> NIC.
>
> Bye,
>
> -- Steffen Kaiser
>
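
The one-certificate-per-address limit described in the quoted reply, as an added example that is not part of the original messages and is not Dovecot code: a small Python check that reads `server NAME { ... }` blocks in the syntax quoted in the thread and reports any listen address asked to present more than one certificate. The parser is a simplification that handles only that block syntax; the `baz` block and the `*` default for a missing `listen` are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the block syntax quoted in the thread; "baz" is an
# invented block that reuses bar's address with a different certificate.
SAMPLE = """
server foo {
  listen = 1.2.3.4
  ssl_cert_file = /etc/ssl/certs/foo.cer
}
server bar {
  listen = 1.2.3.5
  ssl_cert_file = /etc/ssl/certs/bar.cer
}
server baz
{
  listen = 1.2.3.5
  ssl_cert_file = /etc/ssl/certs/baz.cer
}
"""

BLOCK = re.compile(r"server\s+(\S+)\s*\{([^}]*)\}")
SETTING = re.compile(r"^\s*(\w+)\s*=\s*(\S+)\s*$", re.M)

def parse_servers(text):
    """Return {block name: {setting: value}} for each 'server NAME { ... }'."""
    return {name: dict(SETTING.findall(body)) for name, body in BLOCK.findall(text)}

def cert_conflicts(text):
    """Return sorted (address, [block names]) where one listen address is
    asked to present more than one certificate. With no hostname available
    before the handshake, the local address is the only selector the server
    has, so such blocks cannot all be honoured."""
    by_addr = defaultdict(lambda: defaultdict(list))  # address -> cert -> names
    for name, cfg in parse_servers(text).items():
        cert = cfg.get("ssl_cert_file")
        if cert:
            # Assumption: a block without 'listen' binds every address ("*").
            by_addr[cfg.get("listen", "*")][cert].append(name)
    return sorted(
        (addr, sorted(n for names in certs.values() for n in names))
        for addr, certs in by_addr.items() if len(certs) > 1
    )

if __name__ == "__main__":
    for addr, names in cert_conflicts(SAMPLE):
        print(f"{addr}: blocks {', '.join(names)} request different certificates")
```
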

