PenguinDude24 writes:
On 05/09/2014 05:43 PM, PenguinDude24 wrote:
> EHLO,
>
> I am trying to configure courieresmtpd to use vanity server (aka vhost).
> I have been running one domain for months now.
>
> I bought another domain few days ago and I want to know how to configure
> TLS for vhosts (domain1.com, domain2.com).
>
> Normally, one would put:
>
> file: /etc/courier/esmtpd
> ---------------------------
> TLS_CERTFILE=/$path_to_certfile
>
>
> But how does one specify more than one certificate?
>
> Use semi-colons:
> TLS_CERTFILE="/$path_to_certfile_1:/$path_to_certfile_2"
>

Never mind, I found it on some old mailing list posts. Use commas and space for vhosts. Wasn't clear enough from /etc/courier/esmtpd:

TLS_CERTFILE="/$path_to_certfile_1, /$path_to_certfile_2"

Are you sure about that? If this actually works, this would work only if Courier is built against OpenSSL, which is the default. TLS_CERTFILE gets passed directly to SSL_CTX_use_certificate_chain_file() which, AFAIK, takes a single filename.
If this works, this must be getting handled entirely by OpenSSL. Explicit support for this in Courier is implemented only when Courier is built with a custom option to use GnuTLS instead of OpenSSL (although some distributions already configure Courier to use GnuTLS by default).
For GnuTLS, set TLS_CERTFILE=/etc/certificates and install your certificates as /etc/certificates.example.com /etc/certificates.domain.com and so on. There's a single TLS_CERTFILE setting, and each certificate's name is $TLS_CERTFILE.domain.
$TLS_CERTFILE alone can still be a certificate that will be used for any host that's not.
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
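
The GnuTLS naming rule from the reply, as an added example that is not part of the original message or of Courier's code: a pre-deployment check that reports which domains have their own `$TLS_CERTFILE.domain` file and which would share the base `$TLS_CERTFILE` file. The function names and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: applies only the naming rule stated in the reply
# ($TLS_CERTFILE.domain per vhost, $TLS_CERTFILE itself as the fallback).
# vhost_certfile and audit_vhost_certs are hypothetical helper names.

# Print the file expected for DOMAIN under the base path BASE.
# Status: 0 = per-domain file, 1 = fallback to BASE, 2 = no readable file.
vhost_certfile() {
    base=$1 domain=$2
    if [ -r "$base.$domain" ]; then
        printf '%s\n' "$base.$domain"
        return 0
    elif [ -r "$base" ]; then
        printf '%s\n' "$base"
        return 1
    fi
    return 2
}

# Report every domain; succeed only if each one has its own file.
# A domain on the fallback file is served a certificate issued for
# another name, which clients verifying the hostname will reject.
audit_vhost_certs() {
    base=$1
    shift
    missing=0
    for d in "$@"; do
        rc=0
        path=$(vhost_certfile "$base" "$d") || rc=$?
        case $rc in
            0) echo "$d: dedicated $path" ;;
            1) echo "$d: FALLBACK $path"; missing=$((missing + 1)) ;;
            *) echo "$d: NO CERTIFICATE"; missing=$((missing + 1)) ;;
        esac
    done
    [ "$missing" -eq 0 ]
}

# Constructed demo: empty files in a scratch directory stand in for PEM files.
demo=$(mktemp -d)
touch "$demo/certificates" "$demo/certificates.example.com"
audit_vhost_certs "$demo/certificates" example.com domain.com ||
    echo "some domains lack a dedicated certificate file"
rm -rf "$demo"
```

On a real host the first argument would be the value of TLS_CERTFILE from /etc/courier/esmtpd, followed by the domains the server answers for.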