[Dovecot] Re: separate SSL certificates for pop3s and imaps
On Thu, Jul 07, 2005 at 08:58:35PM +0300, dovecot-request@dovecot.org wrote:
> Hi,
> I'm migrating a uw-imap installation to dovecot. With uw-imap I had different SSL certificates and keys for ipop3d and imapd. How can I configure dovecot to do the same with its pop3s and imaps services?
i run dovecot in a multihomed server with three different names:
mail.foo.edu smtp.foo.edu imap.foo.edu
which, for ssl purposes, means we need three different certs to keep applications happy. my approach is to start a separate dovecot process for each address, and manage the configuration in three separate files, each one telling dovecot to specifically bind to only one address, and use a separate runtime directory specific to that address. so for example, in my initscript, instead of just doing something like:

    start() {
        echo -n $"Starting $prog: "
        daemon $prog -c /etc/dovecot.conf
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
    }

i do something like:

    start() {
        echo -n $"Starting $prog: "
        RETVAL=0
        for s in imap mail smtp; do
            # one runtime directory and one config file per address
            mkdir -p /var/run/dovecot/${s}.foo.edu
            # remember a failure from any instance, not only the last one
            daemon $prog -c /etc/dovecot/${s}.foo.edu.conf || RETVAL=$?
        done
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
    }

where the value of the ssl cert config is different in each of the files. you could extend this to also have one config file to only listen for pop and the other only for imap.
hth, sean
On Thu, 2005-07-07 at 15:37 -0400, sean finney wrote:
> On Thu, Jul 07, 2005 at 08:58:35PM +0300, dovecot-request@dovecot.org wrote:
> > Hi,
> > I'm migrating a uw-imap installation to dovecot. With uw-imap I had different SSL certificates and keys for ipop3d and imapd. How can I configure dovecot to do the same with its pop3s and imaps services?
I actually have exactly the same problem; and I'm waiting for the final 1.0 release in the hope it will be addressed.
Is this still a planned feature ?
Thanks ! Vincent.
Vincent Jaussaud, Kelkoo.com IT Architect
---
There may be said to be two classes of people in the world; those who constantly divide the people of the world into two classes and those who do not. -- Robert Benchley
> I'm migrating a uw-imap installation to dovecot. With uw-imap I had different SSL certificates and keys for ipop3d and imapd. How can I configure dovecot to do the same with its pop3s and imaps services?
Hello,
Could this be linked to the issue I have with multiple instances of dovecot talking to each other although they shouldn't ?
http://www.dovecot.org/list/dovecot/2005-July/007886.html
Flavien.
On Fri, Jul 08, 2005 at 04:08:51PM +0200, Vincent Jaussaud wrote:
> > I'm migrating a uw-imap installation to dovecot. With uw-imap I had different SSL certificates and keys for ipop3d and imapd. How can I configure dovecot to do the same with its pop3s and imaps services?
> I actually have exactly the same problem; and I'm waiting for the final 1.0 release in the hope it will be addressed.
> Is this still a planned feature ?
I got the info via private mail that with dovecot-1.0-* you can actually do something like

    protocol imap {
      listen = *:143
      ssl_listen = *:993
      ssl_cert_file = /etc/ssl/imapd.pem
      ssl_key_file = /etc/ssl/imapd.pem
      ...
    }

    protocol pop3 {
      listen = *:110
      ssl_listen = *:995
      ssl_cert_file = /etc/ssl/pop.pem
      ssl_key_file = /etc/ssl/pop.pem
      ...
    }

I'll try it out today.
Hope it helps,
_________________________creating IT solutions Michael Weiser science + computing ag bei Eisenbahn und Haefen Postfach 11 02 63 Hagellocher Weg 71-75 47142 Duisburg 72070 Tuebingen, Germany phone +49 203 52 26341 www.science-computing.de
On Fri, Jul 08, 2005 at 06:07:58PM +0200, Michael Weiser wrote:
> > > I'm migrating a uw-imap installation to dovecot. With uw-imap I had different SSL certificates and keys for ipop3d and imapd. How can I configure dovecot to do the same with its pop3s and imaps services?
> > I actually have exactly the same problem; and I'm waiting for the final 1.0 release in the hope it will be addressed.
> > Is this still a planned feature ?
> I got the info via private mail that with dovecot-1.0-* you can actually do something like
>
>     protocol imap {
>       listen = *:143
>       ssl_listen = *:993
>       ssl_cert_file = /etc/ssl/imapd.pem
>       ssl_key_file = /etc/ssl/imapd.pem
>       ...
>     }
>
>     protocol pop3 {
>       listen = *:110
>       ssl_listen = *:995
>       ssl_cert_file = /etc/ssl/pop.pem
>       ssl_key_file = /etc/ssl/pop.pem
>       ...
>     }
>
> I'll try it out today.
I tried it with test76 and it works like a charm. Thanks for all your help.
bye,
_________________________creating IT solutions Michael Weiser science + computing ag bei Eisenbahn und Haefen Postfach 11 02 63 Hagellocher Weg 71-75 47142 Duisburg 72070 Tuebingen, Germany phone +49 203 52 26341 www.science-computing.de
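An added example, not part of the original thread or of Dovecot itself: a shell audit for the per-protocol layout described above, listing the certificate and key each `protocol` block ends up with, flagging certificates shared between protocols, and checking that a `.pem` holding both certificate and key is closed to group and others. The function names and the sample config are constructed; the parser assumes one setting per line and no nested blocks inside `protocol { }`.

```shell
# Print "<protocol> <cert> <key>" for every protocol block; a block without
# its own ssl_cert_file / ssl_key_file inherits the top-level value ("-" = unset).
protocol_certs() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        $1 == "protocol" && $3 == "{" { proto = $2; order[++n] = proto; next }
        $1 == "}" { proto = ""; next }
        $2 == "=" && ($1 == "ssl_cert_file" || $1 == "ssl_key_file") {
            if (proto != "") val[proto, $1] = $3; else top[$1] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                c = ((p, "ssl_cert_file") in val) ? val[p, "ssl_cert_file"] : top["ssl_cert_file"]
                k = ((p, "ssl_key_file") in val) ? val[p, "ssl_key_file"] : top["ssl_key_file"]
                print p, (c == "" ? "-" : c), (k == "" ? "-" : k)
            }
        }
    ' "$1"
}

# Print every certificate path that more than one protocol presents.
shared_certs() {
    protocol_certs "$1" |
        awk '$2 != "-" { seen[$2]++ } END { for (c in seen) if (seen[c] > 1) print c }'
}

# Succeed if FILE grants any permission to group or others. The configs in the
# thread keep the private key in the same .pem as the certificate.
key_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Constructed sample: pop3 has its own cert, imap falls back to the default.
conf=$(mktemp)
cat > "$conf" <<'EOF'
ssl_cert_file = /etc/ssl/default.pem
ssl_key_file = /etc/ssl/default.pem
protocol imap {
  ssl_listen = *:993
}
protocol pop3 {
  ssl_cert_file = /etc/ssl/pop.pem
  ssl_key_file = /etc/ssl/pop.pem
}
EOF
protocol_certs "$conf"
rm -f "$conf"
```
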
> I tried it with test76 and it works like a charm. Thanks for all your help.
That's great news ! Do you know if it's working for the 1.0-stable branch as well ?
Thanks ! Vincent.
> bye,

Vincent Jaussaud, Kelkoo.com IT Architect
---
The questions remain the same. The answers are eternally variable.
participants (4)
- Flavien
- Michael Weiser
- sean finney
- Vincent Jaussaud