Add to Favourites Add to Favourites    Print this Article Print this Article

Per-IP ssl certificates for exim

This has not been tested, but seems straight forward enough.
If you require certificates for each IP being used, this is the related exim.conf code:

tls_verify_certificates = /etc/exim/$received_ip_address.cacert
tls_certificate = /etc/exim/$received_ip_address.cert
tls_privatekey = /etc/exim/$received_ip_address.key

where the $received_ip_address is an exim variable filled with the IP that the connection came in on.

It's likely that the files must exist, so you must have a cert/key pair for each IP, but the easiest way to deal with that would be to use symbolic links for all IPs... or just have an exim check to see if the path exists.. and if not, revert to the defaults.

Was this answer helpful?

Also Read