Hello,
I want to use a different certificate for a different port(protocol). I searched http://wiki.dovecot.org/ and the mail archives. But such mechanism were not found. Could you implement a such mechanism? Or already implemented it, please teach how to do.
I am assuming the following situations. MailAddress: [users]@example.com SMTP Server: smtp.example.com POP3 Server: pop3.example.com IMAP Server: imap.example.com And pop3, imap, smtp are alias of real.example.com When use IMAPS, user connents imap.example.com POP3S, user connents pop3.example.com
But one Certification file certificates only one FQDN. For example, dovecot.conf written that protocols = imaps pop3s ssl_cert_file = /etc/ssl/certs/imap.example.com.cert.pem ssl_key_file = /etc/ssl/private/imap.example.com.key.pem # imap.example.com.cert.pem's CN is imap.example.com
In this pattern. MUA such as Thunderbird warn when connect pop3s because FQDN is different.
I have an simple idea in this problem. dovecot.conf protocols = imaps pop3s
- ssl_cert_file = /etc/ssl/certs/imap.example.com.cert.pem
- ssl_key_file = /etc/ssl/private/imap.example.com.key.pem # certification for imaps
- imaps_ssl_cert_file = /etc/ssl/certs/imap.example.com.cert.pem
- imaps_ssl_key_file = /etc/ssl/private/imap.example.com.key.pem # certification for pop3s
- pop3s_ssl_cert_file = /etc/ssl/certs/pop3.example.com.cert.pem
- pop3s_ssl_key_file = /etc/ssl/private/pop3.example.com.key.pem
Dovecot uses imaps_ssl_cert/key whenever MUA connects imaps port, uses pop3s_ssl_cert/key whenever MUA connected dovecot's pop3s port.
Could you discuss it? #If it was already discussed, please show pointer(URL) that discussion.
Regards.
NAJIMA Hiroki