[Dovecot] Different IPs should use different ssl-certs/keys
I don't understand how to use multiple keys/certs on different IPs without SNI.
http://wiki2.dovecot.org/SSL/DovecotConfiguration explains how to use different keys for different protocols like POP3 and IMAP.
But how to bind those keys/ on IPs/Ports?
Looks like it is not possible to use ssl_cert inside
service { inet_listener {} }
Is it still necessary to run multiple instances like it was in Dovecot 1.2.x?
Peer
--
Heinlein Professional Linux Support GmbH Linux: Akademie - Support - Hosting
http://www.heinlein-support.de Tel: 030 / 40 50 51 - 0 Fax: 030 / 40 50 51 - 19
Mandatory disclosures per §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Managing Director: Peer Heinlein -- Registered office: Berlin
On Sun, Aug 29, 2010 at 3:07 PM, Peer Heinlein <p.heinlein+dovecot@heinlein-support.de> wrote:
>
> I don't understand how to use multiple keys/certs on different IPs
> without SNI.
>
> http://wiki2.dovecot.org/SSL/DovecotConfiguration explains how to use
> different keys for different protocols like POP3 and IMAP.
>
> But how to bind those keys/ on IPs/Ports?
>
> Looks like it is not possible to use ssl_cert inside
>
> service { inet_listener {} }
>
>
> Is it still necessary to run multiple instances like it was in Dovecot
> 1.2.x?
After the initial ssl stuff (ssl=yes, etc), you just need a number of 'local' stanzas, each looking like:
local <ip address> { ssl_cert =
one after another. I haven't tried doing it with different ports though; I just use iptables to DNAT ports to different private IPs.
And IIRC you still need a top-level "default" ssl_key and ssl_cert as well, or it'll complain.
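A sketch of the layout described in the reply above, as an added example that is not part of the original post: Dovecot 2.0-style syntax with a top-level default pair and one 'local' block per IP. The addresses (documentation range 192.0.2.0/24) and all file paths are placeholders.

```conf
# Constructed example: addresses and paths below are placeholders.
ssl = yes

# Top-level default certificate and key. Connections to an IP with no
# matching local block get this pair; the reply above notes that
# Dovecot complains if it is missing.
# The leading "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/dovecot/ssl/default.crt
ssl_key = </etc/dovecot/ssl/default.key

# One block per local (listening) IP address; the settings inside
# override the top-level pair for connections arriving on that IP.
local 192.0.2.10 {
  ssl_cert = </etc/dovecot/ssl/mail-a.crt
  ssl_key = </etc/dovecot/ssl/mail-a.key
}

local 192.0.2.11 {
  ssl_cert = </etc/dovecot/ssl/mail-b.crt
  ssl_key = </etc/dovecot/ssl/mail-b.key
}

# Keep the .key files readable by root only.
#
# Checks after a reload:
#   doveconf -n
#       prints the effective non-default settings, local blocks included
#   openssl s_client -connect 192.0.2.10:993 </dev/null \
#     | openssl x509 -noout -subject -fingerprint
#       connect by IP address and compare the subject and fingerprint
#       with the certificate file configured for that IP
```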
participants (2)
- Mark Moseley
- Peer Heinlein