Re: [Exim] Multiple SSL certificates

Author: Giuliano Gavazzi
Date:
To: Tony Finch
CC: doctor, exim-users
Subject: Re: [Exim] Multiple SSL certificates

On Mon, 27 Oct 2003, Tony Finch wrote:
> >Can I request that support for multiple certificates be added to the
> >wish list please?
>
> I do this:
>
>         CERTS   = /opt/dist/certs
>
>         tls_certificate = CERTS/server/${lookup{$interface_address} \
>                                          cdb{DB/ipaddr2name.cdb}}
>
> The ipaddr2name table contains entries like
>
>         131.111.8.140   smtp.hermes.cam.ac.uk
>
> This is necessary because our reverse DNS refers to the host's name
> not the service name. If your DNS is differently set up you might
> be able to use a dnsdb lookup.
>


A simple encoding of the interface address in the certificate
name is another solution, perhaps with symlinks to allow for easy tracking
of what is what.

For instance:
tls_certificate = CERTS/server/$interface_address

and in CERTS/server you could have

x.y.z.t -> smtp.blah.blah.pem
x.y.z.t1 -> smtp.blah.blah.pem
smtp.blah.blah.pem

That would represent the setup for an SMTP server with two interface
addresses.
A simple script would be able to keep this in synch by doing DNS A lookups
on all names of pem certs in this directory.

Giuliano
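
An added example, not part of the original message: one way to write the sync script described above, so that CERTS/server always holds one address-named symlink per DNS A record of each certificate's name. The function names and the injectable `resolve` parameter are assumptions made for illustration; a name whose lookup fails keeps its existing links, so a DNS outage does not leave an interface without a certificate.

```python
import ipaddress
import os
import socket


def resolve_a(name):
    """Return the IPv4 addresses for name, or an empty set if lookup fails."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (OSError, UnicodeError):
        return set()


def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def sync_links(cert_dir, resolve=resolve_a):
    """Keep one '<ip> -> <name>.pem' symlink in cert_dir per A record."""
    wanted, unresolved = {}, set()
    for entry in sorted(os.listdir(cert_dir)):
        path = os.path.join(cert_dir, entry)
        # Real certificate files only; the address-named links are skipped.
        if not entry.endswith(".pem") or os.path.islink(path):
            continue
        ips = {ip for ip in resolve(entry[:-len(".pem")]) if is_ipv4(ip)}
        if not ips:
            unresolved.add(entry)  # lookup failed: leave its links alone
        for ip in ips:
            wanted.setdefault(ip, entry)  # first name wins on a clash
    for entry in os.listdir(cert_dir):
        path = os.path.join(cert_dir, entry)
        if not (os.path.islink(path) and is_ipv4(entry)):
            continue  # never touch anything that is not an address link
        target = os.readlink(path)
        if wanted.get(entry) != target and target not in unresolved:
            os.unlink(path)  # stale: DNS no longer maps this address here
    for ip, target in wanted.items():
        path = os.path.join(cert_dir, ip)
        if not os.path.lexists(path):
            os.symlink(target, path)  # relative link inside cert_dir
    return wanted
```

Resolver output is checked with `ipaddress` before it is used as a file name, so nothing returned by DNS can create a link outside the certificate directory.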