Re: [exim] Multiple SSL certificates

Top Page
Delete this message
Reply to this message
Author: SerNet Support Lutz Preßler
Date:  
To: Michiel (Eduwijs B.V)
CC: exim-users
Subject: Re: [exim] Multiple SSL certificates
> Because our server is used by multiple domains, the server can be
> connected to by:
> smtp.domain1.com
> smtp.domain2.com
> smtp.domain3.com
>
> Now I can only setup 1 SSL certificate, but that won't work for the
> other domains. Also if I set the CN to the IP address from the server,
> the clients will still get a 'Domain Mismatch' error. I want to avoid
> that error.

Do I understand correctly, that you want to use multiple names for
one IP address? Then it is not possible to use different certificates,
because exim cannot know which name the client used for connecting
before switching to TLS/SSL.
>
> So is there a possibility, to setup a SSL certificate per domain? So for
> every domain I have another SSL certificate. Or does Exim not support that?

With multiple IP addresses it is possible as the global
tls_certificate option is expanded. Use something like
tls_certificate = /etc/exim/$received_ip_address.cert
($interface_address in older Exim versions). You can also set and use
smtp_active_hostname.


Lutz

-- 
Lutz Preßler  <Lutz.Pressler@???>    http://www.SerNet.DE/
SerNet Service Network GmbH, Bahnhofsallee 1b, D-37081 Göttingen
Tel.: +49-551-370000-2,      FAX: +49-551-370000-9
AG Göttingen, HRB 2816,      GF: Dr. Johannes Loxen