[Dovecot] Proxying, pertinent values and features, SNI
Ed W
lists at wildgooses.com
Wed Apr 3 13:13:41 EEST 2013
Hi
> I presume to best support all(?) clients out there is to have "local_name"
> sections for SNI first and then "local" sections for IP address based
> certs. It is my understanding that SNI needs to be requested by the
> client, so aside from client bugs (nah, those don't exist ^o^) every
> client should get an appropriate response for TLS.
> Has anybody done a setup like that already?
>
Although not what you asked for, just so you are aware, Godaddy (boo
hiss, etc) offer reasonably inexpensive multi subject alt name based
certs. This means you can have a single cert which is valid for lots of
completely different domain names. The mild benefit is that this
doesn't require SNI support for SSL (which I'm unsure is supported by
many mail clients?)
Although it's more expensive, I think it's a good solution (I'm using it
for a small 5 domain installation)
Good luck
Ed W
More information about the dovecot
mailing list