On 11.12.2015 09:11, Zalezny Niezalezny wrote: > is it possible to configure in Postfix multiple TLS certificates.
AFAIK, you can configure each smtp and smtpd instance with a certificate of its own, so you could, for instance, have several smtpds listening on different IP addresses, each with an individual certificate. You could also specify different smtp transports services and have them use different certificates or CAs. But one smtpd and one smtp can be equipped with only one certificate. > For example, on my LAN relay server I must configure TLS for the unix > domains and for windows domains. Both domains use different names. How > to manage that part ? You're talking about receiving mail from the Internet, right? Typically, you'll have shared MX records for both domains. Your relay servers' certificates would typically reflect their host names, which doesn't necessarily need to have any similarities with the domains it's receiving mail for. You typically use the same name as the one in $myhostname as the CN of a server's certificate. > How to generate certificates than ? Is it possible to map some how TLS > certificates for the different domains ? Supposing that you have different MX records for your two domains, then I suppose that you might be able to generate or request certificates with corresponding SubjectAlternativeNames. I'm not sure whether those are widely supported in Internet MTAs, though. Cheers, Tobias
