Hi,

Thanks for your feedback. I just solved my issue.

I will simply generate a normal key and CSR with the openssl command. My local
certificate authority will provide me a certificate which will be signed with the
list of domains specified by me. Then we can have a single certificate which
will be able to encrypt traffic for all specified domains.


This is a solution for my internal relay system, but I believe it should also
work with external domains.



Thanks for your support.

Cheers

Zalezny

On Fri, Dec 11, 2015 at 2:24 PM, Tobias Reckhard <
tobias.reckh...@secunet.com> wrote:

> On 11.12.2015 09:11, Zalezny Niezalezny wrote:
> > Is it possible to configure in Postfix multiple TLS certificates?
>
> AFAIK, you can configure each smtp and smtpd instance with a certificate
> of its own, so you could, for instance, have several smtpds listening on
> different IP addresses, each with an individual certificate. You could
> also specify different smtp transport services and have them use
> different certificates or CAs. But one smtpd and one smtp can be
> equipped with only one certificate.
>
> > For example, on my LAN relay server I must configure TLS for the unix
> > domains and for windows domains. Both domains use different names. How
> > to manage that part?
>
> You're talking about receiving mail from the Internet, right? Typically,
> you'll have shared MX records for both domains. Your relay servers'
> certificates would typically reflect their host names, which doesn't
> necessarily need to have any similarities with the domains it's
> receiving mail for. You typically use the same name as the one in
> $myhostname as the CN of a server's certificate.
>
> > How to generate certificates then? Is it possible to somehow map TLS
> > certificates for the different domains?
>
> Supposing that you have different MX records for your two domains, then
> I suppose that you might be able to generate or request certificates
> with corresponding SubjectAlternativeNames. I'm not sure whether those
> are widely supported in Internet MTAs, though.
>
> Cheers,
> Tobias
>
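
The approach described at the top of this message (one key and CSR carrying a list of domain names for the CA to sign), as an added example that is not part of the original thread. The host names, file names and function names are constructed placeholders; the names go into the CSR as subjectAltName DNS entries.

```shell
#!/bin/sh
# Added example; all names below are constructed, not taken from the thread.

# make_san_csr OUTDIR CN SAN...
# Writes OUTDIR/relay.key and OUTDIR/relay.csr; each SAN argument becomes a
# DNS entry in the CSR's subjectAltName extension. Runs in a subshell so the
# umask and variables do not leak into the caller.
make_san_csr() (
    outdir=$1; cn=$2; shift 2
    cnf="$outdir/req.cnf"
    umask 077    # the private key must not be group/world readable
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\n'
        printf 'req_extensions = v3_req\n'
        printf '[dn]\nCN = %s\n' "$cn"
        printf '[v3_req]\nsubjectAltName = @alt\n[alt]\n'
        i=1
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cnf"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$cnf" \
        -keyout "$outdir/relay.key" -out "$outdir/relay.csr" 2>/dev/null
)

# csr_san_list CSR
# Prints the DNS names requested in the CSR, one per line, sorted.
csr_san_list() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://' | sort
}

# Demonstration with constructed internal names.
demo_dir=$(mktemp -d)
make_san_csr "$demo_dir" relay.example.internal \
    relay.example.internal unix.example.internal win.example.internal
csr_san_list "$demo_dir/relay.csr"
```

Once the CA returns the certificate, run the same `grep` over `openssl x509 -in cert.pem -noout -text`: a CA does not necessarily copy the extensions requested in a CSR, so the issued certificate should be checked for the full name list before it is deployed.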
