Re: [exim] Question regarding TLS SNI Certificates

Góra strony
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
Dla: exim-users
Temat: Re: [exim] Question regarding TLS SNI Certificates
Sherin A via Exim-users <exim-users@???> (Do 16 Sep 2021 14:54:39 CEST):
> Hello,
>
> I am configuring exim with a number of domains to use SNI certificates. I
> have domains which use lets encrypt and commercial ssl certificates. The
> certificates and keys as follows,
>
> For the domain foo.com with user foouser :
>
>     Lets encrypt ssl certificate =
> /etc/letsencrypt/live/foo.com/fullchain.pem
>     Lets encrypt ssl key  = /etc/letsencrypt/live/foo.com/privkey.pem
>     Commercial ssl certificate =
> /var/panel/userdata/foouser/ssl/foo.com-combined.pem
>     Commercial ssl key file =
> /var/panel/userdata/foouser/ssl/foo.com-key.pem


First you can save some configuration lines if you store cert, bundle,
and key in one file per certname.

And for your question: yes, the * doesn't work, as "exists" doesn't do
globbing, it simply checks the existence of a path.

But, as I suppose, you won't have colliding SNI names, why not creating
a common directory to store all the cert(+bundle+key) files? Optionally
by having a symlink forest to the physical location of the files?

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -