[Dovecot] Two server certificates for two common names

Ed W lists at wildgooses.com
Wed Aug 26 21:17:20 EEST 2009


Δημήτριος Καραπιπέρης wrote:
> So,
> on one dovecot instance, it is impossible to have two ssl certificates 
> for two distinct common names.
> right?
>

You are kind of asking two questions here:

1) SSL as it stands maps one IP address to one certificate.  The basic 
issue is that, bar a few exceptions, there is no clear way to connect to 
an IP address and say what "domain" you are expecting to see on the 
other end, hence allowing the other end to present the domain-specific 
cert.  This is currently not fixable, but you can work around it by 
getting one cert with all your CNs on it (see Subject Alt Name).

2) Does Dovecot support running on 2 IPs with different certs on each 
IP?  I think the answer is currently no?  You could run two Dovecot 
instances though...  I believe this is on the todo list for a later 
version, but as yet not that high up the priority list? (Timo?)  So this 
bit is fixable in various ways.

Does that help?

Ed W
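
Added example, not part of the original message: a sketch of the "one cert with all your CNs" workaround from point 1, building a self-signed test certificate whose Subject Alt Name lists several hostnames and checking which names it covers. The hostnames, file names and helper function names are constructed placeholders.

```shell
#!/bin/sh
# Constructed hostnames; replace with the names your clients connect to.

make_san_cert() {
    # usage: make_san_cert OUTDIR NAME [NAME...]
    # The first NAME becomes the CN; every NAME is listed in subjectAltName.
    outdir=$1; shift
    san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    cat > "$outdir/san.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext
[dn]
CN = $1
[ext]
subjectAltName = $san
EOF
    # Self-signed, unencrypted key, short lifetime: for testing only.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -config "$outdir/san.cnf" \
        -keyout "$outdir/key.pem" -out "$outdir/cert.pem" 2>/dev/null
}

cert_covers() {
    # usage: cert_covers CERT HOSTNAME ; status 0 if the cert matches HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Demo: one certificate, two covered names, one name that is not covered.
tmp=$(mktemp -d)
make_san_cert "$tmp" mail.example.org imap.example.net
for h in mail.example.org imap.example.net other.example.com; do
    if cert_covers "$tmp/cert.pem" "$h"; then
        echo "$h: covered"
    else
        echo "$h: NOT covered"
    fi
done
rm -rf "$tmp"
```

For a certificate issued by a CA, the same subjectAltName list goes into the signing request instead; clients connecting under a name missing from the list will report a hostname mismatch.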


