[Dovecot] Multiple certificates

Steffen Kaiser skdovecot at smail.inf.fh-bonn-rhein-sieg.de
Mon Oct 30 08:42:31 UTC 2006



On Thu, 26 Oct 2006, Phill Edwards wrote:

> I have dovecot version 1.0 release 0.beta8.2.fc5 installed on my FC5
> linux box. It acts as an IMAP server to my home LAN. I connect to it
> from the home PCs over SSL and have installed a certificate in the
> domain imap.edwards.home to enable this.

Hmm, UW-Imap supports only one certificate, too, hence I'm puzzled 
why it worked before.

> Login failure: Certificate failure for XXX.homelinux.com: self signed 
> certificate: /C=AU/ST=NSW/L=Sydney/O=Edwards/OU=IMAP 
> server/CN=imap.edwards.home/emailAddress=philledwards at gmail.com

Which side gives you this error? Dovecot or xs2mail.com?
IMHO: The error looks like the "self signed" part is the problem. You 
probably need to store the public certificate on xs2mail.com, so that the 
server can validate it.
Do you use the _same_ certificate with Dovecot as with UW-Imap? This 
should give you the same situation as before.

> <snip>
> 1.0-tests support "virtual servers", where this is possible:
>
> server foo {
> listen = 1.2.3.4
> ssl_cert_file = /etc/ssl/certs/foo.cer
> }
>
> server bar {
> listen = 1.2.3.5
> ssl_cert_file = /etc/ssl/certs/bar.cer
> }
> </snip>
>
> Can anyone help me figure this out?

Give your server two IP addresses, then bind a Dovecot with certificate 
foo.cer on one address, and a Dovecot with bar.cer on the other one.

Because SSL is implemented as a tunnel and no symbolic IP name information 
is passed in IMAP, you can have only one certificate per IP address at 
most. However, most OSes allow you to bind several IP addresses to one 
physical NIC.

Bye,

-- 
Steffen Kaiser
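
Added example (not part of the original message and not Dovecot code): a small Python check, assuming the `server name { ... }` block syntax quoted in the message, that flags any listen address assigned more than one certificate, the case the reply says cannot work. The sample configuration is constructed, and the `baz` block is a hypothetical addition that creates the conflict.

```python
import re
from collections import defaultdict

# Constructed sample in the "virtual servers" syntax quoted in the message;
# the hypothetical third block reuses an address with a different certificate.
SAMPLE_CONF = """
server foo {
  listen = 1.2.3.4
  ssl_cert_file = /etc/ssl/certs/foo.cer
}
server bar {
  listen = 1.2.3.5
  ssl_cert_file = /etc/ssl/certs/bar.cer
}
server baz {
  listen = 1.2.3.4
  ssl_cert_file = /etc/ssl/certs/baz.cer
}
"""

BLOCK_RE = re.compile(r"server\s+(\S+)\s*\{([^}]*)\}")
SETTING_RE = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$", re.M)

def parse_servers(text):
    """Return {server_name: {setting: value}} for each server block."""
    text = re.sub(r"#.*", "", text)  # drop comments
    return {name: dict(SETTING_RE.findall(body))
            for name, body in BLOCK_RE.findall(text)}

def cert_conflicts(servers):
    """Return {listen_address: [(server, cert), ...]} for every address
    claimed by blocks that name different certificates."""
    by_addr = defaultdict(list)
    for name, cfg in servers.items():
        if "listen" in cfg and "ssl_cert_file" in cfg:
            by_addr[cfg["listen"]].append((name, cfg["ssl_cert_file"]))
    return {addr: users for addr, users in by_addr.items()
            if len({cert for _, cert in users}) > 1}

if __name__ == "__main__":
    for addr, users in cert_conflicts(parse_servers(SAMPLE_CONF)).items():
        print(f"{addr}: more than one certificate configured: {users}")
```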

