> > Sort of a newbie question I guess... thanks in advance for your patience.
> >
> > I have two IP addresses on a machine and two SSL certs - one for each
> > domain which point to one of the two IP addresses.
> >
> > To have Courier IMAPs and POP3s listening with the different SSL
> > certificates on each IP address, do I have to start a different instance
> > of each service such that I have four startups instead of just two? (one
> > IMAPs per IP addr and one POPs per IP)
>
> Install your certificate file as $CERTFILE.a.b.c.d, where "a.b.c.d" is the
> corresponding IP address.
>
> > If I look at the file /usr/lib/courier-imap/libexec/imapd-ssl.rc, I see
> > the name of the configuration file in /usr/lib/courier-imap/etc is hard
> > coded to imapd-ssl. Should I change that script to make it so that the
> > name of the configuration file to be used comes from the command line
> > (perhaps $2)?
>
> No. One configuration file. One imap/pop3 server instance. Multiple
> certificate files named accordingly.

Wow, I am amazed - happily surprised. This is great! It's in the
configuration file after all:

# VIRTUAL HOSTS (servers only):
#
# Due to technical limitations in the original SSL/TLS protocol, a dedicated
# IP address is required for each virtual host certificate. If you have
# multiple certificates, install each certificate file as
# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address
# for the certificate's domain name. So, if TLS_CERTFILE is set to
# /etc/certificate.pem, then you'll need to install the actual certificate
# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
# and so on, for each IP address.

What's very interesting is GNU TLS:

# GnuTLS only (servers only):
#
# GnuTLS implements a new TLS extension that eliminates the need to have a
# dedicated IP address for each SSL/TLS domain name. Install each certificate
# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem,
# then you'll need to install the actual certificate files as
# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
# and so on.

I didn't know about GNU TLS, but it sounds promising. I will be curious to see
if it is supported by clients like Thunderbird, etc.

THANKS VERY MUCH, Sam!!!!!
_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
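
An added example, not part of the original thread and not Courier's own code: a shell check that reports, for each listening IP address (or, with GnuTLS, each host name), which file under the $TLS_CERTFILE.<suffix> naming scheme quoted above would be picked up. It assumes the server falls back to plain $TLS_CERTFILE when no suffixed file exists and that the PEM file also holds the private key, so group/world access is flagged; resolve_cert and audit_certs are hypothetical helper names.

```shell
#!/bin/sh
# Audit per-IP / per-host certificate files named $TLS_CERTFILE.<suffix>.
# Assumption: with no suffixed file present, the unsuffixed file is used.

# resolve_cert BASE KEY -> path of the file that KEY (IP or host name) selects
resolve_cert() {
    base=$1
    key=$2
    if [ -n "$key" ] && [ -f "$base.$key" ]; then
        printf '%s\n' "$base.$key"
    else
        printf '%s\n' "$base"
    fi
}

# audit_certs BASE KEY... -> one status line per KEY; returns 1 on any finding
audit_certs() {
    base=$1
    shift
    rc=0
    for key in "$@"; do
        path=$(resolve_cert "$base" "$key")
        if [ "$path" = "$base" ]; then
            # No dedicated file: this address would present the default
            # certificate, which usually means a name mismatch for clients.
            echo "FALLBACK $key $path"
            rc=1
            continue
        fi
        # Octal permission bits; GNU stat first, BSD stat as fallback.
        mode=$(stat -c %a "$path" 2>/dev/null || stat -f %Lp "$path")
        case $mode in
            *00) echo "OK $key $path" ;;
            *)   echo "PERMS($mode) $key $path"   # readable beyond the owner
                 rc=1 ;;
        esac
    done
    return $rc
}

# Usage (constructed values):
#   audit_certs /etc/certificate.pem 192.168.0.2 192.168.0.3
```

A FALLBACK line for an address that is supposed to have its own certificate usually points to a typo in the file suffix.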