Yes, assuming each domain is using a separate IP address. Name the
certificates by IP address: esmtpd.pem.1.2.3.4 and such. It is not
possible to use multiple certificates with a single IP address hosting
multiple domains. This is a limitation of SSL, not Courier; Apache has the
same limitation. There is apparently no way for the server to know which
domain was called at the start of the SSL session and thus, no way of
responding with the correct certificate.

Thanks for the prompt response, Jay. Yeah, we have one box (2 processors
:), on one IP. This is just wishing now, but I wonder if there is a way to
extend the SSL handler to be just like Apache's handling of vhosts. IOW,
pull the URL name from the request, and use that to pick our cert. Seeing
as how my ISP does not do IPv6, multiple IP addresses sorta eliminate the
whole idea of having vhosts. Is this a thing that comes from the OpenSSL
libs? If so, maybe they need patching, and maybe an RFC somewhere needs to
be revised. Thanks again for the info.
Philip Howells
PFC, 3-7 Cav. US Army
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d--(---)@ s+:- a23 C++@ UL+++>++++$ P+>+++$ !E----(nano) W++ N+ o? K?
!w O- M@ V- PS--(+) PE++ Y+(++) PGP++ t 5 X+ !R- tv- b++ Dl+ D+ G e->++
h----(++) r+++ y+++(+++++)
------END GEEK CODE BLOCK------
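
The per-IP certificate naming described in the first reply (esmtpd.pem.1.2.3.4), sketched as an added example that is not part of the thread and is not Courier's own code. The function names, the fallback to the un-suffixed file and the loopback demo are assumptions made for illustration.

```python
import os
import socket
import tempfile


def cert_for_local_ip(base_path, local_ip):
    """Return '<base_path>.<local_ip>' if that file exists, else base_path.

    Returns None when neither file exists. The fallback to the un-suffixed
    file is an assumption of this sketch.
    """
    for candidate in (f"{base_path}.{local_ip}", base_path):
        if os.path.isfile(candidate):
            return candidate
    return None


def cert_for_connection(conn, base_path):
    """Choose the certificate for an accepted socket.

    Before the handshake the only per-domain fact the server has is the
    local address the client connected to, so that is the lookup key.
    """
    local_ip = conn.getsockname()[0]
    return cert_for_local_ip(base_path, local_ip)


def demo(cert_dir):
    """Accept one loopback connection and return the certificate path chosen."""
    base = os.path.join(cert_dir, "esmtpd.pem")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # constructed listener on any free port
        srv.listen(1)
        with socket.create_connection(srv.getsockname()):
            conn, _ = srv.accept()
            with conn:
                return cert_for_connection(conn, base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # Constructed placeholder files; only the names matter here.
        for name in ("esmtpd.pem", "esmtpd.pem.127.0.0.1"):
            open(os.path.join(d, name), "w").close()
        print(os.path.basename(demo(d)))
```

Two domains that resolve to the same address reach the same file, which is the single-IP limitation the reply describes.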