First I have to appologize for not reading the original post closely enough. On Thu, Jul 03, 2014 at 07:01:05PM +0200, Tomasz Chmielewski wrote: > Thanks. > > I see something similar in documentation: > > http://cyrusimap.org/docs/cyrus-imapd/2.4.17/install-configure.php > > Optionally, you can use separate certificates and key files for > each service: > > [servicename]_tls_cert_file: /var/imap/imap-server.pem > [servicename]_tls_key_file: /var/imap/imap-server.pem > > "servicename" here refers to the name of the service as specified > in cyrus.conf. > It is not necessarily the name of the binary. > > > However, it gives no examples. > > So assuming I have the following services defined: > > imap cmd="imapd -U 1" listen="1.2.3.4:imap" prefork=0 maxchild=100 > imaps cmd="imapd -s -U 1" listen="1.2.3.4:imaps" prefork=0 maxchild=100 > pop3 cmd="pop3d -U 1" listen="1.2.3.4:pop3" prefork=0 maxchild=50 > pop3s cmd="pop3d -s -U 1" listen="1.2.3.4:pop3s" prefork=0 maxchild=50 > > and using your suggested entries to imap.conf: > > imap_secondary_tls_cert_file: /usr/local/etc/ssl.crt/secondaryname.crt > imap_secondary_tls_key_file: /usr/local/etc/ssl.key/secondaryname.key > imaps_secondary_tls_cert_file: /usr/local/etc/ssl.crt/secondaryname.crt > imaps_secondary_tls_key_file: /usr/local/etc/ssl.key/secondaryname.key > pop3_secondary_tls_cert_file: /usr/local/etc/ssl.crt/secondaryname.crt > pop3_secondary_tls_key_file: /usr/local/etc/ssl.key/secondaryname.key > pop3s_secondary_tls_cert_file: /usr/local/etc/ssl.crt/secondaryname.crt > pop3s_secondary_tls_key_file: /usr/local/etc/ssl.key/secondaryname.key > > > How would my cyrus.conf services look like? > > imap cmd="imapd -U 1" listen="1.2.3.4:imap" prefork=0 > maxchild=100 > imaps cmd="imapd -s -U 1" listen="1.2.3.4:imaps" > prefork=0 maxchild=100 > pop3 cmd="pop3d -U 1" listen="1.2.3.4:pop3" prefork=0 > maxchild=50 > pop3s cmd="pop3d -s -U 1" listen="1.2.3.4:pop3s" > prefork=0 maxchild=50 > The secondary entries would have to be on a different IP, such as 1.2.3.5, or a different port number. > imap_secondary cmd="imapd -U 1" listen="1.2.3.4:imap" prefork=0 maxchild=100 > imaps_secondary cmd="imapd -s -U 1" listen="1.2.3.4:imaps" prefork=0 maxchild=100 > pop3_secondary cmd="pop3d -U 1" listen="1.2.3.4:pop3" prefork=0 maxchild=50 > pop3s_secondary cmd="pop3d -s -U 1" listen="1.2.3.4:pop3s" prefork=0 maxchild=50 > > > Wouldn't this make cyrus refuse to start two imapd processes on > 1.2.3.4:imaps? Most likely. You would have to use a different IP or a different port. If you want to do everything on the same IP and same port, you need the SANs. I am sorry for adding noise to the thread by not reading closely enough. You can do different ports : > imap_secondary cmd="imapd -U 1" listen="1.2.3.4:144" prefork=0 maxchild=100 > imaps_secondary cmd="imapd -s -U 1" listen="1.2.3.4:994" prefork=0 maxchild=100 > pop3_secondary cmd="pop3d -U 1" listen="1.2.3.4:111" prefork=0 maxchild=50 > pop3s_secondary cmd="pop3d -s -U 1" listen="1.2.3.4:996" prefork=0 maxchild=50 Or different IPs: > imap_secondary cmd="imapd -U 1" listen="1.2.3.5:imap" prefork=0 maxchild=100 > imaps_secondary cmd="imapd -s -U 1" listen="1.2.3.5:imaps" prefork=0 maxchild=100 > pop3_secondary cmd="pop3d -U 1" listen="1.2.3.5:pop3" prefork=0 maxchild=50 > pop3s_secondary cmd="pop3d -s -U 1" listen="1.2.3.5:pop3s" prefork=0 maxchild=50 Or use Subject Alternate Name, or Wildcard certs. -- Scott Lambert KC5MLE Unix SysAdmin lambert@xxxxxxxxxxxxxx ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
