Dunno if I'm talking about the right thing or if this would help, but...
we have gone over to a single wildcard certficate for everything in the
*.bard.edu domain (from Digicert)...this costs $495 for a single year,
less for multiple years.
Then everything coming at a machine of the format: <somename>.bard.edu
comes up valid. If the hostname is of the format
<somename1>.<somename2>.bard.edu (or
<somename1>.<somename2>...<somenameN>.bard.edu) , then you have to
explicitly list it when submitting the CSR, but you can list up 10 host
names for the certificate you generate for that machine when submitting
the CSR........
Jan-Frode Myklebust wrote:
On 2009-01-06, Timo Sirainen <t...@iki.fi> wrote:
We're afraid that if we enable STARTTLS, many of our existing clients will
automatically try using SSL towards the wrong name, and get ugly SSL warnings
about certifcate mismatch.
-jf
--
==== Once upon a time, the Internet was a friendly,
neighbors-helping-neighbors small town, and no one locked their doors.
Now it's like an apartment in Bed-Stuy: you need three heavy duty
pick-proof locks, one of those braces that goes from the lock to the
floor, and bars on the windows.... ==== Stewart Dean, Unix System Admin,
Bard College, New York 12504 sd...@bard.edu voice: 845-758-7475, fax:
845-758-7035
