290528 Re: domain name to cert/key file mapping

  • Viktor Dukhovni
    Jan 8, 2013
      On Tue, Jan 08, 2013 at 07:58:38PM -0500, Wietse Venema wrote:

      > > is there any way to set certificate / key file name depending on domain
      > > name?

      This problem is much harder for SMTP than HTTP, since the MTA does
      not know with certainty which acceptable certificate a receiving
      site is likely to have. It might have a certificate for the recipient
      domain, or for the gateway name. SNI only works well when the protocol
      clearly specifies the expected SSL peer. This is not the case with
      SMTP, given MX record indirection and the logical separation of
      the transport and application end-points (gateway vs. domain).

      Thus, and for other reasons, it is very unlikely that Postfix
      will support SNI with SMTP any time soon.

      --
      Viktor.
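
The ambiguity described in the message above, modelled as an added example (not part of the original post and not Postfix code). It assumes each receiving site holds a single certificate; the domain names, the helper functions and the two sample sites are constructed for illustration.

```python
# Constructed placeholder names; none of them come from the original post.
RECIPIENT_DOMAIN = "example.org"       # domain part of the recipient address
MX_HOST = "mx1.mailhost.example"       # gateway named by the domain's MX record

def name_matches(pattern, hostname):
    """Compare a certificate DNS name with a hostname ('*' only as the whole leftmost label)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def select_cert(sni, cert_store, default):
    """Server side: first certificate covering the SNI name, otherwise the default."""
    for cert in cert_store:
        if sni and any(name_matches(n, sni) for n in cert["names"]):
            return cert
    return default

def handshake_ok(client_name, cert_store, default):
    """Client sends client_name as SNI and verifies the returned certificate against it."""
    cert = select_cert(client_name, cert_store, default)
    return any(name_matches(n, client_name) for n in cert["names"])

def outcome_matrix():
    """Try both candidate peer names against two equally plausible receiving sites."""
    gateway_cert = {"names": [MX_HOST]}
    domain_cert = {"names": [RECIPIENT_DOMAIN]}
    sites = {
        "cert for gateway name": ([gateway_cert], gateway_cert),
        "cert for recipient domain": ([domain_cert], domain_cert),
    }
    return {
        (site, name): handshake_ok(name, store, default)
        for site, (store, default) in sites.items()
        for name in (MX_HOST, RECIPIENT_DOMAIN)
    }

def names_valid_everywhere():
    """Candidate names that verify against every site; empty means no safe choice."""
    matrix = outcome_matrix()
    sites = {site for site, _ in matrix}
    return [n for n in (MX_HOST, RECIPIENT_DOMAIN) if all(matrix[(s, n)] for s in sites)]

if __name__ == "__main__":
    for (site, name), ok in outcome_matrix().items():
        print(f"{site:26} SNI={name:22} verified={ok}")
    print("names valid at every site:", names_valid_everywhere())
```

Each candidate name verifies at exactly one of the two sites, so a sending MTA that must pick one name before the handshake has no choice that works at both.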