[Dovecot] Two server certificates for two common names
Ed W
lists at wildgooses.com
Wed Aug 26 23:50:53 EEST 2009
Δημήτριος Καραπιπέρης wrote:
> Basically, server is not expecting any kind of domain on SSL
> handshake, but what if the server can serve more than one cert, so
> that clients using mail1.dom.gr and mail2.dom.gr, which resolve to
> the same dovecot instance but from different network segments,
> could be certified.
>
> mail1.dom.gr -> 10.65.0.45 (private one)
> mail2.dom.gr -> 84.205.252.78
> (random numbers)
>
> In essence, it is the same dovecot instance.

I should imagine that you can achieve this using an external SSL wrapper
such as stunnel?

OR

You could use firewall rules to redirect incoming connections to
different local ports depending on where the connection originates.
Then set up appropriate config on each port to serve a different cert.

This setup does sound workable.

Ed W
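
The stunnel approach suggested above could look like the following stunnel configuration. This is an added example, not part of the original message and not taken from the Dovecot or stunnel projects; the certificate and key paths, the service names, and the plaintext IMAP listener on 127.0.0.1:143 are assumptions.

```ini
; Constructed example: stunnel terminates TLS with one certificate per
; listening address and forwards plaintext IMAP to the single Dovecot
; instance on loopback. File paths and the loopback port are assumptions.

[imaps-mail1]
; Private segment: clients connect to mail1.dom.gr
accept  = 10.65.0.45:993
connect = 127.0.0.1:143
cert    = /etc/stunnel/mail1.dom.gr.crt
key     = /etc/stunnel/mail1.dom.gr.key

[imaps-mail2]
; Public segment: clients connect to mail2.dom.gr
accept  = 84.205.252.78:993
connect = 127.0.0.1:143
cert    = /etc/stunnel/mail2.dom.gr.crt
key     = /etc/stunnel/mail2.dom.gr.key
```

With this layout Dovecot sees every session as coming from 127.0.0.1, so its logs and any per-IP controls no longer show the real client address, and it treats those localhost connections as secure for plaintext authentication. The loopback listener therefore must not be reachable from either network segment.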