WebMail and certs for multiple domains

WebMail and certs for multiple domains

Postby ColinABQ » Thu Feb 21, 2008 3:19 am

I am confused about using certs in ams. Maybe I'm just missing something. Here’s the issue:

I have ams 2.61 set up on a single server, behind a single public IP address. I am serving three domains (well, three registered domains). So, I created three self-signed certs, one for each domain, using the integrated ams function for doing so. I see all three certs listed in the “SSL Certificates” portion of the setup, so I think that worked. Now, in the WebMail setup, I seem to be able to select only one of the three certs. (I have “Use implicit SSL” checked; explicit SSL is grayed out and designated as unavailable.) I have also looked in the domain settings and see no options there.

Is there any way that I can adjust this on a per-domain basis? I had imaged that the web mail service would examine an incoming request header, extract the Host: element, and apply a cert accordingly, falling back to a specified default if required – or something like that. Instead, it appears to be applying just the one cert, no matter which domain I connect to from the Internet. I would prefer to keep the domains logically isolated if possible, using multiple certs, rather than using just one "catch-all" cert. After all, why else would multiple certs be supported at all?

What am I missing?
Colin
ColinABQ
 
Posts: 16
Joined: Wed Sep 19, 2007 2:08 am
Location: Albuquerque, New Mexico, U.S.A.

Re: WebMail and certs for multiple domains

Postby rob » Thu Feb 21, 2008 11:32 am

Presently there isn't a way to bind different SSL certicicates to different domains (although this is something we do plan to add in the future). Unfortunatly also this wouldn't be possible with a single IP anyway, as the SSL certicate exchange will always need to occur before the mail server can possible know what domain the user is connecting to. However, this is still possible and can be done by firstly obtaining a different IP for each of the domains you want to host. The next step would be to then create 3 seperate installations of AMS on the same computer, each one bound to a particular IP and hosting a particular domain. Unfortunatly in this mode only 1 can be conifgured as the NT service, but the other 2 installations should operate fine in applicatoin mode (you will need to find a way to load the other 2 installations).
rob
 
Posts: 415
Joined: Mon Sep 10, 2007 2:34 pm

Re: WebMail and certs for multiple domains

Postby ColinABQ » Thu Feb 21, 2008 1:26 pm

Thanks, Rob.
I should have realized about the single IP problem, which would be the show stopper for now. Oh well, I shall muddle on.
ColinABQ
 
Posts: 16
Joined: Wed Sep 19, 2007 2:08 am
Location: Albuquerque, New Mexico, U.S.A.


Return to General

Who is online

Users browsing this forum: No registered users and 11 guests

cron