OpenSSL
Fernando Gozalo
fgozalo0 at alumno.uned.es
Mon Jul 12 19:37:39 UTC 2004
> On Mon, 12.07.2004 at 20:54, James Kosin wrote:
>
>> Background:
>> I'm trying to set up a secure SMTP connection. I have everything set up;
>> but, I have a stumbling block as I see it. My machine has multiple host
>> names.
>
> You don't say which MTA you are using. That is important information.
>
> Your host can't have multiple host names. You mean you have maybe
> multiple IPs, but certainly multiple domains resolving to your box
> IP(s).
>
>> Questions:
>>
>> 1) Can you build more than one certificate to be used? I'm not sure
>> how...
>
> Don't think so. With Sendmail this is not possible, with Postfix IMHO
> neither.
>
>> 2) How do you add certificates to an existing PEM file?
>
> Only one certificate per pem file possible.
>
>> 3) Do I need to set up anything different?
>
> Use 1 single hostname for the SMTP server, like mail.domainfoo.tld. Let
> all domains use this mail server name.
>
The other day I found this:
===================
RFC 2830 also specifies a means for additional names to be set in a
certificate. This is done using the subjectAltName field which is an
X.509v3 extension of the basic certificate. This field can be used to list
aliases for a server, shared names in a load-balancing setup, or any other
desired purpose. A wildcard can also be used, to allow a single
certificate to match all hostnames within a given domain.
In the openssl.cnf file, the syntax for this extension is
subjectAltName=DNS:alias1.domain1,DNS:host2.domain2,DNS:*.domain3
Any number of names may be specified in the comma-separated list.
===================
Maybe it can help.
Fernando.
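
Added example, not part of the original post or of OpenSSL: a Python check that parses a subjectAltName value in the openssl.cnf syntax quoted above and reports which of a mail server's names the certificate would not cover. The function names and the host list are constructed for illustration, and the matching rule is an assumption (RFC 6125-style: "*" is accepted only as the whole left-most label and stands for exactly one label).

```python
# Added example: which server names does a subjectAltName list actually cover?

def parse_san(value):
    """Return lowercase DNS names from 'DNS:a,DNS:b,...'.

    Malformed entries raise ValueError; non-DNS types (IP, email, ...) are skipped.
    """
    names = []
    for entry in value.split(","):
        kind, sep, name = entry.strip().partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed subjectAltName entry: {entry!r}")
        if kind.strip().upper() == "DNS":
            names.append(name.strip().lower().rstrip("."))
    return names


def name_matches(pattern, hostname):
    """Match one SAN DNS name against a hostname, case-insensitively.

    Assumption: '*' counts as a wildcard only when it is the entire left-most
    label, and it never spans more than one label.
    """
    p_labels = pattern.split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(san_value, hostnames):
    """Return the hostnames that no SAN entry matches, in input order."""
    names = parse_san(san_value)
    return [h for h in hostnames if not any(name_matches(n, h) for n in names)]


# The subjectAltName line from the quoted text.
SAN = "DNS:alias1.domain1,DNS:host2.domain2,DNS:*.domain3"
# Constructed sample: names clients might use to reach the SMTP server.
SERVER_NAMES = ["alias1.domain1", "HOST2.domain2", "mail.domain3",
                "domain3", "a.b.domain3", "mail.domain1"]

if __name__ == "__main__":
    for host in uncovered(SAN, SERVER_NAMES):
        print("not covered by certificate:", host)
```

Under that matching rule, the bare domain and names more than one label below the wildcard need their own DNS: entries.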