inn using two certificates
Bill Tangren
bjt at aa.usno.navy.mil
Thu Aug 18 15:03:10 UTC 2005
I have an odd problem, and I don't know where the correct place to ask
questions would be. So, pardon if this is not the correct place.

I have inn 2.4.1 running on a Linux box here at work. The server offers
half a dozen or so private newsgroups, but no public ones. I am using
xinetd to offer secure newsgroup access outside our firewall, and a
standalone service for secure and unsecure access behind the firewall.
Each access method has its own readers.conf tailored for its use. This
Linux box has several names in DNS assigned for its single IP number.
Many of the users here use Thunderbird to access the newsgroups.

It all works well, except for one thing: I have one cert set up for the
server, using the most commonly used name for the server (A). If a user
uses Thunderbird to set up newsgroup access using secure access, and he
uses one of the other names for the server (B), then EVERY time they
start their client, it (the client) tells them that server B has a
certificate that contains the name A. This popup message is useful if
you are accessing a non-trusted server, but it is annoying here. I have
found no way to stop it.

Does anyone know how I might compile inn (or nnrpd) to use more than one
certificate?

I have thought about setting up a third nnrpd service that uses a
different secure port, but I have no control over the firewall, and
cannot get another port open in it.

I have thought about turning off name resolution in nnrpd (-n) but I'm
not sure this will help.

It would be easiest if I could get the users to not use server name B,
but I may as well wish I could fly. Also, there are good reasons why a
second server name is necessary, even to access the newsgroups.

Any thoughts?

Bill Tangren
More information about the inn-workers
mailing list