On 05/14/17 07:20, Bruno Pagani wrote:

On 14/05/2017 at 09:59, Mik J wrote:

Thank you Edgar,
You wrote multiple IP addresses. Does it mean that 1 IP address = 1 certificate?
Can't we do 1 IP address = x certificates?

No, you can do 1 IP = x certs, thanks to SNI. I do that, my conf:

pki domain1.com certificate "/etc/smtpd/tls/domain1.com.crt"
pki domain1.com key "/etc/smtpd/tls/domain1.com.key"
pki domain2.com certificate "/etc/smtpd/tls/domain2.com.crt"
pki domain2.com key "/etc/smtpd/tls/domain2.com.key"

listen on <IP/dev> hostname <defaulthostname> port 25 tls

The hostname part is only necessary if you want to advertise a specific hostname when contacted without SNI. The important thing is to not specify a pki.

Regards,
Bruno

I think I used two because the <hostname> table is a mapping from an IP to a name. I'll have to give this a try.
