On 03/19/2014 02:52 AM, Postmaster wrote:
> On 18/03/2014 19:54, Eric Shubert wrote:
>> On 03/18/2014 11:32 AM, Postmaster wrote:
>>> Hello all,
>>>
>>> I browsed all past e-mail in the list, but was not able to see how this
>>> is done.
>>> I need to have several certificates (servercert.pem) for every different
>>> domain name, say
>>> mail.domain1.com and mail.domain2.com. Is there any way to set it up?
>>> I know there was a qmail patch
>>> https://bugs.gentoo.org/show_bug.cgi?id=94257, but it
>>> is very outdated now.
>>>
>>> Regards
>>> Alex
>>>
>>> ---------------------------------------------------------------------
>>
>> I don't understand how this patch would be implemented. What basis
>> would be used to set the $TCPLOCALHOST or $TCPLOCALIP variables?
>
> My understanding is that it allows usage of different certificates
> depending on the environmental variables ($TCPLOCALHOST or $TCPLOCALIP).

Yes, but how are these environment variables going to be set? They could be set by tcpserver (tcp.smtp file), but that's just by IP address. In any case, the variable(s) would need to be set before qmail-smtpd is invoked. I don't know how that could happen.

> However, any other ideas how the self-signed certs can be used with
> multiple domains are appreciated.

Using multiple certificates with SSL connections is inherently impossible. This is because SSL connections are made before any data is transmitted indicating which domain is being requested. As a result, any given IP/port combination can use only one cert with an SSL connection.

That being said, you could use a different port or IP address for each certificate. But why? The domain name for the server doesn't need to be the same as the domain for the email messages. Simply have the users use the hostname associated with the cert as their imap/pop3/smtp server name. Is there a problem with that?

--
-Eric 'shubes'