Multiple IMAP-SSL certificates?

Discussion in 'Installation/Configuration' started by bswinnerton, Oct 15, 2011.

  1. bswinnerton

    bswinnerton New Member

    Is it possible to have multiple IMAP-SSL certificates on one ISPConfig server? I have two IP addresses linked to it, and the SSL works great as far as a browser is concerned, but when I try connecting with a mail client, it thinks that it's the first IMAP-SSL instead of the newly created one with the second IP address.

    Much thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I know, neither Courier nor Dovecot supports the configuration of multiple SSL certs per server.
     
  3. The Other Air Force

    The Other Air Force New Member

    Hi,
    In the master.cf file I have Postfix set up as follows:

    <IP Address 1>:smtps inet n - - - - smtpd
        -o myhostname=<hostname>
        -o smtp_tls_security_level=may
        -o smtpd_tls_cert_file=<certificate filename>
        -o smtpd_tls_key_file=<key filename>
        -o smtpd_tls_CAfile=<bundle filename>
        -o smtp_bind_address=<IP Address 1>
        -o myorigin=<hostname>

    <IP Address 2>:smtps inet n - - - - smtpd
        -o myhostname=<hostname>
        -o smtp_tls_security_level=may
        -o smtpd_tls_cert_file=<certificate filename>
        -o smtpd_tls_key_file=<key filename>
        -o smtpd_tls_CAfile=<bundle filename>
        -o smtp_bind_address=<IP Address 2>
        -o myorigin=<hostname>

    I have Courier set up; basically what you do is set the following directives. In imapd-ssl and pop3d-ssl I have the following set:

    TLS_CERTFILE=<path to CERT FILE>
    TLS_TRUSTCERTS=<path to bundle file>

    Then, in the directory where these files are located, I have files that end in the IP address of the host. If my filenames above are /etc/courier/darwin, then I would have darwin.<ip address 1> and darwin.<ip address 2>.

    More information about the formats of the files can be found in the configuration file.

    Hope this helps. The only issue that I have with Postfix is that outbound mail always appears to come from one of the hostnames. I haven't figured out how to get it to appear from the hostname it was sent from. It hasn't been an issue for me, so I haven't dug into it. (Any hints from anyone?)
     
  4. The Other Air Force

    The Other Air Force New Member

    Just an update.

    After updating my DNS to include AAAA, I couldn't get any IPv6 clients to connect to Courier with SSL. I had to make a link to the certificate files with the IPv6 addresses at the end; Courier couldn't find the files for the IPv6 addresses. So now I have this:

    TLS_CERTFILE=/etc/courier/darwin

    with these files in the /etc/courier directory
    darwin.<IPv4 address 1> and darwin.<IPv4 address 2>
    darwin.<IPv6 address 1> and darwin.<IPv6 address 2>
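
An added example, not part of the original posts: a shell check for the per-address layout described in posts 3 and 4. It reports any listening address (IPv4 or IPv6) that has no `$TLS_CERTFILE.<address>` file, has a dangling link, or has a file with no certificate in it. The addresses, file contents and function names are constructed for illustration. It assumes the IPv6 strings are written exactly as Courier appends them to the file name, which the thread does not specify.

```shell
#!/bin/sh
# Added example (not from the thread): audit Courier per-address certificate files.
# Assumption: Courier looks up "$TLS_CERTFILE.<address>" as the posts describe.

# check_courier_certs BASE ADDR...
# Prints one status line per address; return code = number of problems found.
check_courier_certs() {
    base=$1; shift
    problems=0
    for addr in "$@"; do
        f="$base.$addr"; status=OK
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            status=DANGLING            # symlink whose target is gone
        elif [ ! -e "$f" ]; then
            status=MISSING             # e.g. no file for a new AAAA address
        elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
            status=NO-CERT             # unreadable or not a PEM certificate
        elif grep -q 'PRIVATE KEY-----' "$f" &&
             [ -n "$(find -L "$f" -perm -004)" ]; then
            status=KEY-WORLD-READABLE  # key material readable by any local user
        fi
        [ "$status" = OK ] || problems=$((problems + 1))
        printf '%-18s %s\n' "$status" "$f"
    done
    return "$problems"
}

# Constructed demo: two IPv4 files, one IPv6 symlink, one IPv6 address forgotten.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$d/darwin.192.0.2.10"
    cp "$d/darwin.192.0.2.10" "$d/darwin.192.0.2.11"
    ln -s "darwin.192.0.2.10" "$d/darwin.2001:db8::10"
    rc=0
    check_courier_certs "$d/darwin" 192.0.2.10 192.0.2.11 \
        2001:db8::10 2001:db8::11 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "addresses with problems: $?"
```

On a real server, call `check_courier_certs` with the `TLS_CERTFILE` value and every address the IMAP and POP3 SSL daemons listen on.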
     
