multiple ssl certificates (for one service)

David Lang dlang at diginsite.com
Fri Sep 27 18:29:08 EDT 2002


not all browsers accept *.domain certs so be careful

the problem with different certs is that SSL hands out the cert as soon as
the connection is established, before the sender tells you anything. TLS
has an option to have the client tell the server what it's trying to
connect to so that the server can hand back the proper cert, but this has
almost no support currently and is the part of the TLS spec that isn't
compatible with SSL.

David Lang

On Wed, 25 Sep 2002, twk wrote:

> Date: Wed, 25 Sep 2002 09:45:50 -0400
> From: twk <twk at ncsu.edu>
> Cc: info-cyrus at lists.andrew.cmu.edu
> Subject: Re: multiple ssl certificates (for one service)
>
>
>
> Samuel Hug wrote:
>
> > Hi,
> >
> > is there a possibility to use more than one server certificate? The
> > problem is that the mailserver has multiple domain names. The domain
> > names don't specify different services as pop or imap, therefore
> > tls_pop3.... and tls_imap... wouldn't help me.
> >
> > Anybody got a hint?
> >
>
>
> Thawte has wild card certificates...so you can get a cert for *.moritzi.ch and
> the cert is recognized for all servers whose domain name ends in ".moritzi.ch".
>
> If the domains are completely different, I don't know what you can do.
>
> Cheers,
> Tom
>
>
>
>
> --
> Tom Karches                    email : twk at ncsu.edu
> Web Systems Administrator      phone : 919.515.5508
> NCSU Information Technology
>
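
Added example, not part of the original thread: the TLS option David Lang describes is the server_name (SNI) extension, which puts the requested hostname in the client's first message so the server can choose a certificate before sending one. This Python sketch builds a ClientHello in memory, parses the extension out, and falls back to a default certificate when the client sent no name; the hostnames mail.moritzi.ch and mail.example.org and the .pem file names are constructed for illustration.

```python
import ssl
import struct

def client_hello(server_hostname):
    """Return the bytes of the first flight a TLS client sends (built in memory)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if server_hostname is None:
        ctx.check_hostname = False   # required by the ssl module when no name is given
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass                         # ClientHello written; client now waits for the server
    return outgoing.read()

def sni_from_client_hello(data):
    """Extract the server_name extension (type 0) from a ClientHello, or None."""
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32             # record hdr, handshake hdr, version, random
    pos += 1 + data[pos]             # session_id
    (suites_len,) = struct.unpack_from("!H", data, pos)
    pos += 2 + suites_len            # cipher_suites
    pos += 1 + data[pos]             # compression_methods
    if pos + 2 > len(data):
        return None                  # no extensions block at all
    (ext_total,) = struct.unpack_from("!H", data, pos)
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", data, pos)
        pos += 4
        if ext_type == 0:            # server_name: list_len(2) type(1) name_len(2) name
            name_type, name_len = struct.unpack_from("!BH", data, pos + 2)
            if name_type == 0:
                return data[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

# Hypothetical certificate table for one mail server answering to two domains.
CERTS = {"mail.moritzi.ch": "moritzi.pem", "mail.example.org": "example.pem"}

def choose_cert(hello, default="moritzi.pem"):
    """Pick the certificate file to present; fall back when the client sent no name."""
    return CERTS.get(sni_from_client_hello(hello), default)

if __name__ == "__main__":
    for host in ("mail.moritzi.ch", "mail.example.org", None):
        print(host, "->", choose_cert(client_hello(host)))
```

A client that omits the extension always receives the default certificate, so a name mismatch for the other domain is the expected failure mode to check for.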



