On Thu, Jul 03, 2014 at 01:08:38PM +0200, Tomasz Chmielewski wrote: > I mean binding it to one IP, but being able to serve different SSL > certificates. > > I think with Cyrus, one needs Subject Alternative Names (SANs) > certificate for that. No, you can do it with seperate certs. It is done in imap.conf referencing service names in cyrus.conf. # File containing the global certificate used for ALL services (imap, # pop3, lmtp). # #tls_cert_file: <none> tls_cert_file: /usr/local/etc/ssl.crt/primaryname.crt # File containing the private key belonging to the global server # certificate. # #tls_key_file: <none> tls_key_file: /usr/local/etc/ssl.key/primaryname.key # These refer to the "name" of the service in cyrus.conf imap_secondary_tls_cert_file: /usr/local/etc/ssl.crt/secondaryname.crt imap_secondary_tls_key_file: /usr/local/etc/ssl.key/secondaryname.key imaps_secondary_tls_cert_file: /usr/local/etc/ssl.crt/secondaryname.crt imaps_secondary_tls_key_file: /usr/local/etc/ssl.key/secondaryname.key pop3_secondary_tls_cert_file: /usr/local/etc/ssl.crt/secondaryname.crt pop3_secondary_tls_key_file: /usr/local/etc/ssl.key/secondaryname.key pop3s_secondary_tls_cert_file: /usr/local/etc/ssl.crt/secondaryname.crt pop3s_secondary_tls_key_file: /usr/local/etc/ssl.key/secondaryname.key > On 2014-07-03 12:50, Niels dettenbach wrote: > > Am 03.07.2014 12:36, schrieb Tomasz Chmielewski: > >> However, I don't see a way to set Cyrus to listen on one IP > > > > Binding cyrus daemons to specific IPs is possible (and even multiple > > IPs) within cyrus.conf: > > > > i.e. for IMAPs: > > > > one IP: > > > > imaps cmd="imapd -s" listen="my.host.ip:imaps" prefork=1 > > maxchild=123 > > > > ALL IPs: > > > > imaps cmd="imapd -s" listen="imaps" prefork=1 maxchild=123 > > > > or just multiple IPs (from brain, so pls doublecheck it): > > > > imaps cmd="imapd -s" listen="my.host.ip1:imaps" prefork=1 > > maxchild=123 > > imaps cmd="imapd -s" listen="my.host.ip2:imaps" prefork=1 > > maxchild=123 > > > > > > or do you mean anything other? > > > > > > hth a little, > > > > cheerioh, > > > > > > Niels. > > > > > > > > --- > > Niels Dettenbach > > Syndicat IT&Internet > > http://www.syndicat.com > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- Scott Lambert KC5MLE Unix SysAdmin lambert@xxxxxxxxxxxxxx How to be a "computer expert," http://www.xkcd.com/627/ ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
