Gentoo Forums
courier-imapd + gnutls + one public IP with multiple domains
noclear2000
Posted: Fri Jan 22, 2016 12:23 pm

hi there

For years I have been running Courier-IMAP and postfix for my mail in a simple setup. One public IP with a single hostname - easy as can be. Works great and I am happy.

Lately I had the need to introduce multiple domain names, which led me to using e.g. apache vhosts for hosting them on the single public IP. Also no issue including proper SSL certs per domain as I can easily specify a specific CertFile per vhost.

Postfix & Courier IMAP however are a problem when it comes to SSL Certs. With a dedicated IP per domain it should be easy according to the docs but with a single IP...

Is there anyone out there who operates Courier-IMAP/postfix with multiple domain names on a single IP with SSL and no warning message on the client side (regarding name mismatch at least)? If yes, some hints on how to configure Postfix and Courier?

In Courier config I found:
Code:

# VIRTUAL HOSTS (servers only):
#
# Due to technical limitations in the original SSL/TLS protocol, a dedicated
# IP address is required for each virtual host certificate. If you have
# multiple certificates, install each certificate file as
# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address
# for the certificate's domain name. So, if TLS_CERTFILE is set to
# /etc/certificate.pem, then you'll need to install the actual certificate
# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3
# and so on, for each IP address.
#
# GnuTLS only (servers only):
#
# GnuTLS implements a new TLS extension that eliminates the need to have a
# dedicated IP address for each SSL/TLS domain name. Install each certificate
# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem,
# then you'll need to install the actual certificate files as
# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com
# and so on.
#
# Note that this TLS extension also requires a corresponding support in the
# client. Older SSL/TLS clients may not support this feature.
#
# This is an experimental feature.

TLS_CERTFILE=/etc/courier-imap/imapd.pem


That sounded promising, so I compiled courier with the gnutls flag and tried the GnuTLS-only hints above, meaning:

I placed my certs in the following locations:
/etc/courier-imap/imapd.pem.myhostname1.tld
/etc/courier-imap/imapd.pem.myhostname2.tld

But it simply says "/etc/courier-imap/imapd.pem" no such file upon startup (when running init-script start).


Any input is appreciated. Thanks!
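
The per-domain layout from the quoted Courier comment can be audited before restarting the daemon. The script below is an added example, not part of the original post and not Courier code; it assumes OpenSSL 1.0.2 or later for `-checkhost`, and the function names `cert_state` and `audit_layout` are hypothetical.

```shell
#!/bin/sh
# Added example: audits the $TLS_CERTFILE.<domain> layout from the Courier
# config comment. Function names are hypothetical, not Courier's.

# cert_state FILE HOST -> prints: missing | unreadable | mismatch | ok
cert_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    # -checkhost (OpenSSL 1.0.2+) compares HOST with the certificate's names.
    out=$(openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null) || true
    case $out in
        *"does match"*)     echo ok ;;
        *"does NOT match"*) echo mismatch ;;
        *)                  echo unreadable ;;
    esac
}

# audit_layout BASE HOST... -> one "<name> <state> <path>" line per file;
# returns non-zero if any file is not usable.
audit_layout() {
    base=$1; shift
    rc=0
    # Assumption: the base file is still expected as the default certificate,
    # since the init script in the post refused to start without it.
    if [ -f "$base" ]; then
        echo "default present $base"
    else
        echo "default missing $base"; rc=1
    fi
    for host in "$@"; do
        state=$(cert_state "$base.$host" "$host")
        echo "$host $state $base.$host"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# Stand-alone use: ./check.sh /etc/courier-imap/imapd.pem host1 host2 ...
if [ $# -gt 0 ]; then
    audit_layout "$@"
fi
```

Against a running server, `openssl s_client -connect <host>:993 -servername <name>` shows which certificate is presented for a given SNI name.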