[exim] Question regarding TLS SNI Certificates

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Sherin A
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [exim] Question regarding TLS SNI Certificates
Hello,

I am configuring exim with a number of domains to use SNI certificates.
I have domains which use lets encrypt and commercial ssl certificates.
The certificates and keys as follows,

For the domain foo.com with user foouser :

    Lets encrypt ssl certificate =
/etc/letsencrypt/live/foo.com/fullchain.pem
    Lets encrypt ssl key  = /etc/letsencrypt/live/foo.com/privkey.pem
    Commercial ssl certificate =
/var/panel/userdata/foouser/ssl/foo.com-combined.pem
    Commercial ssl key file =
/var/panel/userdata/foouser/ssl/foo.com-key.pem

So now I have the following configuration in exim.conf . I think it
won't work because using "*" inside the condition.  Can any one help on
this.  Is it ok to use a perl subroutine instead of the following

--------- Exim.conf  start ------------

tls_certificate = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    { \
      ${if exists {/etc/letsencrypt/live/${tls_in_sni}/fullchain.pem} \
        {/etc/letsencrypt/live/${tls_in_sni}/fullchain.pem} \
      } \
      ${if exists {/var/panel/userdata/*/ssl/${tls_in_sni}-combined.pem} \
        {/var/panel/userdata/*/ssl/${tls_in_sni}-combined.pem} \
      }\
    } \
    {/etc/exim/exim.crt.pem} \
}
tls_privatekey = ${if and \
    { \
        {gt{$tls_in_sni}{}} \
        {!match{$tls_in_sni}{/}} \
    } \
    { \
      ${if exists {/etc/letsencrypt/live/${tls_in_sni}/privkey.pem} \
        {/etc/letsencrypt/live/${tls_in_sni}/privkey.pem} \
      }\
      ${if exists {/var/panel/userdata/*/ssl/${tls_in_sni}-key.pem} \
        {/var/panel/userdata/*/ssl/${tls_in_sni}-key.pem} \
      }\
    } \
    {/etc/exim/exim.key.pem} \
}

--------- Exim.conf end ---------------

Any help will be appreciated

--
Regards
Sherin A