[Exim] More than one X509 Server Cert with different CNs

Top Page
Delete this message
Reply to this message
Author: Uwe Guenther
Date:  
To: exim-users
Subject: [Exim] More than one X509 Server Cert with different CNs
This is a cryptographically signed message in MIME format.
--
Hello at exim-user,

I use the latest exim-4.30 Debian Woddy backport (exim-heavy-daemon)
from Andreas Metzler. Thanks Andreas!

Now my problem, I use two DNS A records to advertis my SMTP-Server:

mx.cscc.de.                     IN      A               80.190.249.58
smtp.cscc.de.                   IN      A               80.190.249.58


The first should be the primary mx where other SMTP host deliver mail to me.
The second will be used for thump clients like Mozilla, Netscape, etc. -
say as a smarthost.

The hosts native name is frodo.cscc.de, so I have the setting in exim.conf:

primary_hostname = mx.cscc.de

My problem encounters while I want to provide two X509 certs, one for mx.cscc.de
and a second one for mx.cscc.de to prevent a domain name mismatch if some clients
look at the X509 CommonName - like Mozilla.

So I need to get out the connected A Record. Exist there one Expansion Vars to
get out these value? But it seems to me that this is impossible to exim to get this
value out.

So in my opinion I can use this only with a second $interface_address for my
A Record like this:

smtp.cscc.de.                   IN      A               80.190.249.59


What did you mean?


--
Best Regards Uwe Guenther

Fingerprint of my S/MIME Cert:

MD5 = 84:E9:8A:2D:E7:65:8D:11:4D:BC:E9:09:54:A3:2B:3C
SHA1 = B0:CB:91:66:87:B6:87:74:DB:64:6F:AF:7E:DC:B9:0B:EC:06:44:83

Root CA Certs: http://www.cscc.de/~uwe/certs/user/
--
Content-Description: S/MIME Cryptographic Signature

[ smime.p7s of type application/x-pkcs7-signature deleted ]
--