Hi,

just to inform you that everything went fine.

- I enabled g_ssl_per_domain
- copied existing certificate from suregmail\ssl folder to 
suregmail\ssl\s1.domain.tld folder.

files:
surge_cert.pem
surge_priv.pem

- for domain for which I also need certificate I setup url_host option

url_host "mail.reseller1.com"

- restarted surgemail
- generated CSR & bought new certificate
- entered new certificate to surge_cert.pem which is located at 
suregmail\ssl\mail.reseller1.com
- I also added intermediate and root certificates from authority to 
surge_cert.pem file

certificate
intermediate certificate
root certificate

- restarted surgemail

And everything is working fine for now :)

Maybe this steps will help someone.


####
I have thing which I would like to see.
I would like to see option which give option not to create folder for 
each domain and self signed certificates.
But you can select for which domain you want ssl and that all others use 
certificate from ssl root folder.
I say this because now I have almost hundred folders.
I also maintains systems which has few thousand domains.
And it is not very nice to see thousand folders in ssl folder and you 
need ssl only for several domains.
I hope you can do something.

Regards,
Darko Bazulj


On 12/12/2013 9:01 PM, surgemail-support wrote:
>     Hi,
>     currently I have wildcard certificate setup for all domains on server.
>     *.domain.tld
>     Now all users in their MUA for smtp/imap/pop have s1.domain.tld
>     ("primary vdomain").
>     SSL/TLS is working fine.
>     ONLY SSL connections are permitted to the mail server.
>     Now I have question from two clients (resellers), they would like to
>     have their own FQDN for MUA setup to hide us. One of them also want
>     dedicated IP.
>     example:
>     mail.reseller1.com
>     mail.reseller2.com(dedicated IP)
>     They have multiple domains hosted at us.
>     Also I have multiple domains which are not connected with them.
>     I know I have to enable g_ssl_per_domain
>     I also found that SNI is supported by surgemail.
>     If I understood well for each vdomain folder will be created and
>     self signed certificate will be created after g_ssl_per_domain is
>     enabled.
>     suregmail\ssl
>     suregmail\ssl\s1.domain.tld
>     suregmail\ssl\reseller1.com
>     suregmail\ssl\reseller2.com
>     suregmail\ssl\domain1.com
>     suregmail\ssl\domain2.com
>     suregmail\ssl\domain3.com
>     1.
>     I should copy certificate from suregmail\ssl to
>     suregmail\ssl\s1.domain.tld
>
> Yes.
>
>     2.
>     buy certificates for mail.reseller1.com & mail.reseller2.com and put
>     them in appropriate folder.
>     mail.reseller1.com > suregmail\ssl\reseller1.com
>     mail.reseller2.com > suregmail\ssl\reseller2.com
>
> Yes.
>
>     3.
>     do I need to set up url_host for those two domains?
>     What if domain have dedicated IP (address)?
>     vdomain address="" name="s1.domain.tld"
>     vdomain address="" name="reseller1.com"
>     url_host "mail.reseller1.com"
>     vdomain address="x.x.x.x" name="reseller2.com"
>     url_host "mail.reseller2.com"
>     vdomain address="" name="domain1.com"
>     vdomain address="" name="domain2.com"
>     vdomain address="" name="domain3.com"
>
> Yes.
>
>     Anything else to setup?
>
> I think you've got it all correct.
>      ChrisP.
>
>     Maybe I'm doing something wrong.
>     Regards,
>     Darko Bazulj
>