On Nov 30, 2009, at 4:32 PM, AllenJB wrote:
> Possibly off-topic from what the OP wants, but couldn't TLS Server Name
> Indication (SNI) be used to overcome the single server certificate
> limitation?
With Dovecot v2.0 and living in theoretical land, sure.
Thomas Hummel wrote:
> Hello Timo,
>
> I'd like to check if my understanding of dovecot-1.2.x's SSL certificate
> handling is correct :
>
> SSL does not provide the server any mechanism to choose which certificate
> it must send relatively to the name the client is using. Thus, if you
>
On Seg, 2009-11-30 at 17:03 +0100, Thomas Hummel wrote:
> On Mon, Nov 30, 2009 at 03:50:00PM +, Jose Celestino wrote:
>
> > The client compares the CN of the certificate with the hostname it has
> > configured and warns on a mismatch. What you can do is have multiple
> > subjects certificate,
On Mon, Nov 30, 2009 at 03:50:00PM +, Jose Celestino wrote:
> The client compares the CN of the certificate with the hostname it has
> configured and warns on a mismatch. What you can do is have multiple
> subjects certificate, that is a certificate again with a single CN but
> with multiple a
On Seg, 2009-11-30 at 16:34 +0100, Thomas Hummel wrote:
> Hello Timo,
>
> I'd like to check if my understanding of dovecot-1.2.x's SSL certificate
> handling is correct :
>
> SSL does not provide the server any mechanism to choose which certificate
> it must send relatively to the name th
Hello Timo,
I'd like to check if my understanding of dovecot-1.2.x's SSL certificate
handling is correct :
SSL does not provide the server any mechanism to choose which certificate
it must send relatively to the name the client is using. Thus, if you want
to
use different certificate
