Still another way to solve the problem is, do not use a second imap daemon. Generate your server certificate with CN=<hostname of server> and alternative names of DNS:<hostname of server>,DNS:server1.test.net,DNS:server2.test.net and all alias names that may be used by clients to connect to the server. openssl x509 allows you to do that. We found it essential to repeat CN in the alternative names list. All modern mailtools accept a cerificate if CN or one of the alternative names matches. One notable exception is pine (or better the c-client library at the pine61 level). It only tests CN and complains if it does not match or you have used the novalidate-cert switch. Maybe Mark could extend the code to accept the alternative names.
Kind regards Paul On Thu, 16 Jun 2005, Mark Crispin wrote: > On Thu, 16 Jun 2005, Matt Linton wrote: > > One imap daemon can only have one signed certificate (to my knowlege). > > However, due to creative routing and things, the requests to > > <server1.test.net> are coming FROM <server2.test.net> as well as from > > server1. > > Another way to solve the problem is to have a *.test.net certificate. > Wildcard certificates are not deployed lightly, but at times they have > their uses. > > -- Mark -- > > http://staff.washington.edu/mrc > Science does not emerge from voting, party politics, or public debate. > Si vis pacem, para bellum. > _______________________________________________ > Imap-uw mailing list > Imap-uw@u.washington.edu > https://mailman1.u.washington.edu/mailman/listinfo/imap-uw > ======================================================================== Paul Tedaldi | Informatikdienste | Email: [EMAIL PROTECTED] Universitaet Zuerich | Winterthurerstr. 190 | Tel: +41 (0)44 635 4523 CH-8057 Zuerich | Fax: +41 (0)44 635 4505 Switzerland | ======================================================================== _______________________________________________ Imap-uw mailing list Imap-uw@u.washington.edu https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
