Hey Marc,

as I showed in my setup - use the DNS challenge to get wildcard certificates.

Although Java's implementation of TLS in fact does support SNI (Server
Name Indication), I guess most mail clients won't - although it's not
that unusual nowadays that there are multiple logical hosts on one physical
machine (virtual hosting). But I have to admit - I quickly looked into
the Javadoc - it's not even that easy to set an SNI hostname - neither
server-side nor client-side.

So, I guess it should be possible to implement SNI in James - even
configurable through smtp/imap/pop3server.xml - but you won't have any
luck, as there would not be many clients that even try to use it. I guess the
other option is then: if you want one James instance for multiple
domains all on the same IP - then yep, you have to get at least one
certificate for James which includes all domains and their sub-domains (or
wildcard) and choose at least one "main" domain to set as the common name
- unless you're using your own client which implements SNI (for which
you may have to rewrite the JavaMail API - as this doesn't make use of SNI
either).

Matt

On 23.02.2019 at 17:20, Craig Cudmore wrote:
You should be able to add subjectAltName entries to the certificate so it will
be good for multiple domains.
Craig Cudmore
613-868-7316
On Feb 23, 2019, at 11:17 AM, Marc Chamberlin <m...@marcchamberlin.com> wrote:
I hope I can follow in the footsteps of someone who has done this
already... My James server is going to be handling multiple domains,
each with its own set of sub-domains and I wish to use LetsEncrypt
certificates to handle the StartTLS or SSL/TLS connections that each
domain wants. Most of the examples shown on the internet show how to set
up a certificate for a single domain, not helpful! The instructions shown
at https://james.apache.org/server/3/config-ssl-tls.html explain that
James uses a keystore which can store multiple certificates but then
there is this caveat - "You MUST have only one certificate in the
keystore file used by James." Really? Does this mean I have to create a
LetsEncrypt certificate with ALL the variants of -D <domainnames> for
ALL the domains that I want to support? That is going to be one heck of
a long command and difficult to maintain as I add and remove domains
from my server! I am confused and hoping there is an easier way to
manage this for James... (Wish this was handled like Apache HTTP server
does it, one separate certificate per domain with all the subdomains
included... This keystore complicates things IMHO..) So would appreciate
it if some kind guru could show me how to set up certificates for a
collection of domains so that I can also manage the various subdomains
as well. For example -
www.domain1.com, mail.domain1.com, ftp.domain1.com, ssh.domain1.com, ...
www.domain2.com, mail.domain2.com, ftp.domain2.com, ssh.domain2.com, ...
www.domain3.com ...
...
All in one certificate??? Thanks for any advice in advance... Marc...
--
Linux Counter
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
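
Added example, not part of the thread and not James or Let's Encrypt code: a small Python check of which hostnames a given subjectAltName list covers, and of the SAN list needed when one wildcard per domain is used. It uses the domain1.com/domain2.com names from Marc's message; imap.eu.domain1.com and all function names are made up for illustration.

```python
# Added example: SAN coverage check for a single multi-domain certificate.
# A wildcard stands for exactly one left-most label, so "*.domain1.com"
# covers neither "domain1.com" itself nor "imap.eu.domain1.com".

def san_matches(pattern: str, host: str) -> bool:
    """True if one SAN dNSName entry covers `host` (RFC 6125-style rules)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Simplification: refuse wildcards directly under a single label
        # (e.g. "*.com"); a real check would consult the public suffix list.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered(sans, hosts):
    """Hostnames that no SAN entry covers, in input order."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

def plan_sans(base_domains, hosts):
    """SAN list for `hosts` using one wildcard per base domain where it fits.

    Names the wildcard cannot cover (the bare domain, deeper sub-domains)
    are listed explicitly.
    """
    sans = set()
    for host in hosts:
        host = host.lower().rstrip(".")
        wild = next((f"*.{b}" for b in base_domains
                     if san_matches(f"*.{b}", host)), None)
        sans.add(wild or host)
    return sorted(sans)

# Constructed sample input based on the names in the original question.
BASES = ["domain1.com", "domain2.com"]
HOSTS = ["domain1.com", "www.domain1.com", "mail.domain1.com",
         "imap.eu.domain1.com", "www.domain2.com", "mail.domain2.com"]

if __name__ == "__main__":
    print("wildcard for domain1 only leaves uncovered:",
          uncovered(["*.domain1.com"], HOSTS))
    print("SAN entries to request:", plan_sans(BASES, HOSTS))
```

Running `uncovered()` against the SAN list of the certificate actually installed in the keystore, after each renewal or domain change, shows which names clients would reject before they connect.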