OpenSSL

Fernando Gozalo fgozalo0 at alumno.uned.es
Mon Jul 12 19:37:39 UTC 2004


> On Mon, 12.07.2004, James Kosin wrote at 20:54:
>
>> Background:
>> 	I'm trying to set up a secure SMTP connection.  I have everything set up;
>> but, I have a stumbling block as I see it.  My machine has multiple host
>> names.
>
> You don't say which MTA you are using. That is important information.
>
> Your host can't have multiple host names. You mean you have maybe
> multiple IPs, but certainly multiple domains resolving to your box
> IP(s).
>
>> Questions:
>>
>> 1)  Can you build more than one certificate to be used?  I'm not sure
>> how...
>
> Don't think so. With Sendmail this is not possible, with Postfix IMHO
> neither.
>
>> 2)  How do you add certificates to an existing PEM file?
>
> Only one certificate per pem file possible.
>
>> 3)  Do I need to set up anything different?
>
> Use 1 single hostname for the SMTP server, like mail.domainfoo.tld. Let
> all domains use this mail server name.
>

Last day I found this:

===================
RFC 2830 also specifies a means for additional names to be set in a
certificate. This is done using the subjectAltName field which is an
X.509v3 extension of the basic certificate. This field can be used to list
aliases for a server, shared names in a load-balancing setup, or any other
desired purpose. A wildcard can also be used, to allow a single
certificate to match all hostnames within a given domain.

In the openssl.cnf file, the syntax for this extension is

subjectAltName=DNS:alias1.domain1,DNS:host2.domain2,DNS:*.domain3

Any number of names may be specified in the comma-separated list.
===================

Maybe it can help.

Fernando.
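
Added example (not part of the original post or of OpenSSL): a small Python check of which hostnames the subjectAltName line quoted above would cover. The matching rule, a wildcard standing for exactly one left-most label as most TLS clients apply it, is an assumption not stated in the post; the function names are hypothetical.

```python
# Parse an openssl.cnf subjectAltName value and test hostnames against it.
# Assumption: clients match names in the usual RFC 6125 style, where '*'
# is honoured only as the entire left-most label.

SAN_LINE = "subjectAltName=DNS:alias1.domain1,DNS:host2.domain2,DNS:*.domain3"  # from the post


def parse_san(line):
    """Return the lower-cased DNS names from a subjectAltName config value."""
    value = line.split("=", 1)[1] if "=" in line else line
    names = []
    for entry in value.split(","):
        kind, _, name = entry.strip().partition(":")
        if kind.upper() == "DNS" and name:  # skip IP:, email:, URI: entries
            names.append(name.strip().lower().rstrip("."))
    return names


def name_matches(pattern, hostname):
    """Match one SAN DNS entry against a hostname.

    '*.domain3' covers 'mail.domain3' but neither 'domain3' itself
    nor 'a.b.domain3', because the wildcard stands for one label only.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    pat_labels = pattern.split(".")
    if len(host_labels) != len(pat_labels):
        return False
    if pat_labels[0] == "*":
        return (len(pat_labels) > 1 and bool(host_labels[0])
                and host_labels[1:] == pat_labels[1:])
    return host_labels == pat_labels


def covered(hostname, san_line=SAN_LINE):
    """True if any DNS entry in the SAN list covers the hostname."""
    return any(name_matches(p, hostname) for p in parse_san(san_line))


if __name__ == "__main__":
    # Constructed sample hostnames built from the placeholder domains above.
    for host in ("alias1.domain1", "mail.domain3", "domain3",
                 "a.b.domain3", "other.domain2"):
        print(f"{host:16} {'covered' if covered(host) else 'NOT covered'}")
```

For the multi-domain SMTP case in this thread, each name that clients connect to needs its own DNS entry in the list, or a wildcard entry exactly one label above it.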
