Difference between revisions of "Multiple SSL Virtual Hosts 6.0"

(Replaced content with "For configuring SSL certificates per domain with Zimbra, please follow this [http://wiki.zimbra.com/wiki/SSL_certificates_per_domain guide].")
 
Line 1: Line 1:
For configuring SSL certificates per domain with Zimbra, please follow this [http://wiki.zimbra.com/wiki/SSL_certificates_per_domain guide].
+
For HTTP, POP3, and IMAP, please see the [[SSL certificates per domain]] guide.
 +
 
 +
= postfix (SMTP) =
 +
For postfix we use a .in master file that you can edit and have the changes stick: just edit <tt>/opt/zimbra/postfix/conf/master.cf.in</tt> (after backing it up of course!).  Instead of letting postfix bind to the port globally, you configure it to bind to a specific address and override the global certificate with a specific one:
 +
 
 +
Before:
 +
 
 +
<pre>
 +
smtp      inet  n      -      n      -      -      smtpd
 +
submission inet n      -      n      -      -      smtpd
 +
        -o smtpd_etrn_restrictions=reject
 +
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
 +
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 +
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
 +
</pre>
 +
 
 +
After:
 +
 
 +
<pre>
 +
# domain1 instance
 +
1.1.1.1:smtp      inet  n      -      n      -      -      smtpd
 +
  -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt
 +
  -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key
 +
1.1.1.1:submission inet n      -      n      -      -      smtpd
 +
        -o smtpd_etrn_restrictions=reject
 +
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
 +
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 +
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
 +
        -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt
 +
        -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key
 +
 
 +
# domain2 instance
 +
1.1.1.2:smtp      inet  n      -      n      -      -      smtpd
 +
  -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt
 +
  -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key
 +
1.1.1.2:submission inet n      -      n      -      -      smtpd
 +
        -o smtpd_etrn_restrictions=reject
 +
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
 +
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 +
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
 +
        -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt
 +
        -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key
 +
</pre>
 +
 
 +
(If you want to enable 465 (smtps), it's a clone of <tt>submission</tt> with <tt>-o smtpd_tls_wrappermode=yes</tt>)
 +
 
 +
Keywords: ''ssl, virtual hosts'' <br>
 +
Version: Release 6.0.5_GA_2213.RHEL5_64_20100203001950 CentOS5_64 FOSS edition.
 +
 
 +
{{Article Footer|ZCS 6.0.5|1/20/2011}}
 +
 
 +
[[Category: Virtual Hosting]]
 +
[[Category: SSL/TLS]]
 +
[[Category: ZCS 6.0]]

Latest revision as of 23:37, 26 January 2015

For HTTP, POP3, and IMAP, please see the SSL certificates per domain guide.

postfix (SMTP)

For postfix we use a .in master file that you can edit and have the changes stick: just edit /opt/zimbra/postfix/conf/master.cf.in (after backing it up of course!). Instead of letting postfix bind to the port globally, you configure it to bind to a specific address and override the global certificate with a specific one:

Before: 

smtp      inet  n       -       n       -       -       smtpd
submission inet n      -       n       -       -       smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%

After: 

# domain1 instance 
1.1.1.1:smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt
  -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key
1.1.1.1:submission inet n      -       n       -       -       smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_tls_cert_file=/opt/zimbra/conf/domain1.crt
        -o smtpd_tls_key_file=/opt/zimbra/conf/domain1.key

# domain2 instance 
1.1.1.2:smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt
  -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key
1.1.1.2:submission inet n      -       n       -       -       smtpd
        -o smtpd_etrn_restrictions=reject
        -o smtpd_sasl_auth_enable=%%zimbraMtaSaslAuthEnable%%
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_tls_security_level=%%zimbraMtaTlsSecurityLevel%%
        -o smtpd_tls_cert_file=/opt/zimbra/conf/domain2.crt
        -o smtpd_tls_key_file=/opt/zimbra/conf/domain2.key

(If you want to enable 465 (smtps), it's a clone of submission with -o smtpd_tls_wrappermode=yes)

Keywords: ssl, virtual hosts
Version: Release 6.0.5_GA_2213.RHEL5_64_20100203001950 CentOS5_64 FOSS edition.

Verified Against: ZCS 6.0.5 Date Created: 1/20/2011
Article ID: https://wiki.zimbra.com/index.php?title=Multiple_SSL_Virtual_Hosts_6.0 Date Modified: 2015-01-26



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Other help Resources

User Help Page »
Official Forums »
Zimbra Documentation Page »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Retrieved from "https://wiki.zimbra.com/index.php?title=Multiple_SSL_Virtual_Hosts_6.0&oldid=56772"
Jump to: navigation, search