[Blackpool] Mail server security cert

James Page jmsp.1983 at gmail.com
Fri Aug 30 22:24:32 UTC 2013


Hi Rob,

That's a bit ahead of where I am at the mo :-)

I'm not using anything at the moment - just trying to get a clearer idea in
my head of how it works. I was wondering more about those certificates
issued by certificate authorities, than self-certs.


Thanks,
James


On 30 August 2013 23:03, B McLellan <bob.mclellan at gmail.com> wrote:

> James,
>
> I believe you can do this with a single cert using SubjectAltNames for the
> additional domains. I assume you're using openssl?
> Take a look here for commands to generate the cert:
> http://apetec.com/support/GenerateSAN-CSR.htm
>
> HTH
>
> Rob
>
>
> On 30 August 2013 21:59, James Page <jmsp.1983 at gmail.com> wrote:
>
>> I'm a bit stuck with understanding how SSL certificates work for mail
>> servers - do any of you know a bit about them?
>>
>> If I run a mailserver that hosts mail for multiple domains, do I need
>> multiple certificates, or will just one do?
>>
>> For example, say the hostname is server.james.com and I'm also hosting
>> mail
>> for alice.com, bob.com and Charlie.com. Each account uses the subdomain
>> alias mail. as their mail server.
>>
>> In this instance, would a single certificate for server.james.com be
>> sufficient, or would I need a cert for each mail subdomain? If I look in
>> message headers, the only server mentioned is usually the server hostname
>> (rather than the mail alias'), so my best guess would be that only a cert
>> for the hostname is necessary. Is that right?
>>
>>
>>
>> J
>> _______________________________________________
>> Blackpool mailing list
>> Blackpool at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/blackpool
>>
>
>


More information about the Blackpool mailing list