Hi! Is it possible to configure Cyrus so that the server certificate it provides would depend on the IP used to connect to it? Our current system has users differentiated by faculty so that a user configures her imaps server according to her faculty. Each faculty has its own imaps server fqdn each of which corresponds to a different IP. Each real physical server serves multiple faculties. Each server has multiple IPs and a separate stunnel instance for each IP/fqdn/faculty. Thus, we can have a separate certificate for each IP/fqdn/faculty, even if there are many faculties served by one Cyrus server. We are upgrading our system, and want to get rid of the stunnels. Moreover, we want to give our users a unified system image. So in theory we could get by with only one fqdn for each user. But we'd like to avoid having all our approx 50 000 users reconfigure their imaps clients. So we'd like to have our unified server (or a cluster of servers) continue providing imaps service on the faculty-based fqdns/IPs. Problem is, some widely-used clients (notably Thunderbird/Icedove) are picky about the CN of the certificate matching the fqdn they are using to connect. But if Cyrus will give the same certificate no matter the IP it is connected via, that's what'll happen. So. Can Cyrus be configured to give different certificates based on the server IP? Thanks. --Janne Peltonen IMAP admin Univ of Helsinki ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
