My (also limited, but growing) understanding of a server cert is that you can bind it either to an IP address or to a FQDN. I could just bind it to the IP address, and as long as I only used a single IP address for my imap server (likely) then I'd be okay... EXCEPT that I'm cheap, and plan to self-sign the CA for all my domains.
That's not so much a problem for my users, so long as they see that the cert for mail.foo.com was signed by the foo.com CA. But because I'll have one CA for each domain, I'll again need multiple certs. Which implies that dovecot needs some way to choose which one to use, for each login.
On Wed, 15 Feb 2006, Charles Marcus wrote:
Ben wrote:
Hey guys, I've got dovecot configured to work perfectly for virtual users across different domains. It's great.
My problem is that, as far as I can tell, dovecot makes me use one SSL certificate across all my domains. That's not what I want. Is there a way I can get dovecot to use the cert for mail.foo.com when somebody is logging into a foo.com account, and the cert for mail.bar.com when somebody is logging into a bar.com account?
Am I missing something obvious, or asking the impossible?
My (admittedly very limited) understanding of how SSL certs works is, one cert is bound to one URL/IP address combination - which means you cannot use public certs for hosts that are served on the same IP address. So, you'd have to be serving the IMAP connections for each domain on separate IP addresses - OR - use a blanket self-signed wildcard cert (basically, *.* as the FQDN), although I don't know how good of an idea that is.
--
Best regards,
Charles
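As an added illustration of the certificate-matching rules both posts are reasoning about (this is not code from the thread, from Ben, from Charles, or from the dovecot project), the following Python implements RFC 6125 style dNSName matching and a "which cert covers this name" lookup over a constructed set of certificates. It shows why a `*.*` name cannot work (a wildcard is only honoured as the whole leftmost label and must leave at least two further labels), why `*.foo.com` does not cover `foo.com` itself, and that a single certificate whose Subject Alternative Name list carries both `mail.foo.com` and `mail.bar.com` can serve both domains on one IP address. The certificate labels, hostnames and SAN lists are constructed sample values; the server's choice is keyed on the hostname the client asked for, which is the information dovecot would need per connection.

```python
"""Hostname-to-certificate matching, RFC 6125 style (added example, constructed data)."""

from typing import Optional


def matches_dns_name(pattern: str, hostname: str) -> bool:
    """Return True if a certificate dNSName `pattern` covers `hostname`.

    Rules applied (the ones browsers and mail clients use):
    - comparison is case-insensitive and ignores a trailing dot;
    - a wildcard is only honoured when it is the entire leftmost label;
    - the wildcard must be followed by at least two more labels, so
      '*.*' and '*.com' are never valid;
    - the wildcard matches exactly one label ('*.foo.com' does not
      match 'foo.com' or 'a.b.foo.com').
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False  # wildcard not the whole leftmost label, or extra wildcards
    if len(p_labels) < 3:
        return False  # '*.*', '*.com': too broad to be accepted
    if len(p_labels) != len(h_labels):
        return False  # wildcard covers exactly one label
    return p_labels[1:] == h_labels[1:]


def cert_covers(san_names: list[str], hostname: str) -> bool:
    """True if any dNSName in the certificate's SAN list covers hostname."""
    return any(matches_dns_name(name, hostname) for name in san_names)


# Constructed sample "certificates": label -> dNSName entries in the SAN.
SAMPLE_CERTS: dict[str, list[str]] = {
    "foo-cert": ["mail.foo.com", "*.foo.com"],
    "bar-cert": ["mail.bar.com"],
    "combined-cert": ["mail.foo.com", "mail.bar.com"],
    "bogus-wildcard": ["*.*"],
}


def pick_cert(certs: dict[str, list[str]], requested_host: str) -> Optional[str]:
    """Return the label of the first certificate that covers the name the
    client asked for, or None if nothing matches. A server that does not
    learn the requested name before the handshake (no SNI) cannot make
    this choice and must hand every client the same certificate."""
    for label, names in certs.items():
        if cert_covers(names, requested_host):
            return label
    return None


if __name__ == "__main__":
    for host in ("mail.foo.com", "imap.foo.com", "foo.com", "mail.bar.com", "mail.baz.com"):
        print(f"{host:14s} -> {pick_cert(SAMPLE_CERTS, host)}")
```

Running the block prints which sample certificate would be handed to each requested hostname; `mail.baz.com` gets `None` because even the `*.*` entry is rejected by the wildcard rules, and `mail.bar.com` is served by `bar-cert` (the first match) although `combined-cert` would also cover it.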