[Dovecot] Dovecot replies with default SSL certificate instead of the vhost's

Reindl Harald h.reindl at thelounge.net
Mon Sep 16 14:36:53 EEST 2013



Am 16.09.2013 13:33, schrieb Shadi Habbal:
> After some digging, Subject Alternative Names (SANs) is the way to have one certificate which holds many domain names in the SubjectAltNames field
> Here is a script to generate a CSR that holds different SANs: http://svn.cacert.org/CAcert/Software/CSRGenerator/csr

that's nice but not practically useable
you hardly can add a SAN everytime you get a new domain

the main question remains:

* why is anybody doing this?
* "the user wants "mail.hisdomain.tld" is *not* a valid reason and should
  lead to explain the user the stupidity of doing so for no benefit

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130916/14f40d00/attachment.bin>


More information about the dovecot mailing list