Re: Multiple SSL certificates

On Sun, Mar 06, 2005 at 04:29:40PM -0800, Alexander Perlis wrote:
> Marshal Newrock wrote:
> > For what I am doing, which is using perdition to concentrate
> > several hosted domains to one imap server, the ability to have
> > multiple SSL certificates would be useful. [...]
> 
> Supporting multiple SSL certificates would indeed be useful (or can
> this already be done? --- if so, how?).
> 
> In our case, our users have their POP clients configured to pull from
> "pop.ourdomain.com", and their IMAP clients configured to pull from
> "imap.ourdomain.com". Now I'd like to proxy everything through
> "perdition.ourdomain.com", but without users having to change their
> own configurations.
> 
> But no matter whether we use CNAME or A records to point both
> pop.ourdomain.com and imap.ourdomain.com to perdition.ourdomain.com,
> our users are burdened with warnings that the name on the certificate
> does not match the name of the server.
> 
> It seems, the only solution is to have multiple certificates. Has
> anyone solved this problem?

The problem here is that the SSL/TLS protocol only supports using a
single certificate. I think that the solution to your problem is to use
a wildcard in your certificate, something like *.ourdomain.com.

-- 
Horms

--

-- 
Perdition - http://www.vergenet.net/linux/perdition/
To UNSUBSCRIBE, email to lisa@..., with a body:
unsubscribe perdition-users your-email-address@...
where "your-email-address@..." is YOUR email address.