On Thu, Feb 03, 2011 at 05:16:58PM +0100, Alokat wrote:

>> For MUAs reaching a submission server, the picture is much more simple,
>> so this is perhaps viable, but which MUAs are SNI enabled?
>
> Okay ... thanks for all your comments.
> So how would you solve my problem? Multiple Instances?

Ideally, for an MUA, you give it a single logical name that all the
submission users use. Then a single certificate is sufficient.

Otherwise, you can use certificates with a subjectAltName extension
that lists multiple DNS names. This works when the set of domains is
stable enough to not require changes much more frequent than the typical
certificate lifetime.

Are the SSL certificates you want to provision in support of MUAs or peer
MTAs? If MUAs, do you know whether the MUAs in fact support SNI?

--
Viktor.
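
The multi-name certificate described above, as an added example that is not part of the original message: a shell script that issues a self-signed test certificate whose subjectAltName lists several DNS names, then reports which required submission names it does not cover, which is the point where a reissue is needed. The hostnames are constructed, the function names are hypothetical, and OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example. Hostnames are constructed; function names are hypothetical.

# make_san_cert DIR NAME...
# Writes DIR/key.pem and DIR/cert.pem, a self-signed test certificate
# whose subjectAltName lists every NAME as a DNS entry.
make_san_cert() {
    dir=$1; shift
    san=""
    for name in "$@"; do
        san="${san:+$san,}DNS:$name"
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$1" -addext "subjectAltName=$san" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# cert_covers CERT HOSTNAME
# Succeeds only if the certificate matches HOSTNAME. The printed verdict
# is tested, not openssl's exit status.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# missing_names CERT NAME...
# Prints each NAME the certificate does not cover, one per line.
# Any output means the name set has outgrown the certificate.
missing_names() {
    cert=$1; shift
    for name in "$@"; do
        cert_covers "$cert" "$name" || printf '%s\n' "$name"
    done
}

# Demo: issue for two names, then ask about a third added later.
tmp=$(mktemp -d)
make_san_cert "$tmp" smtp.example.org smtp.example.net
echo "reissue needed for:" \
    "$(missing_names "$tmp/cert.pem" smtp.example.org smtp.example.com)"
rm -rf "$tmp"
```

Running missing_names against the deployed certificate whenever the list of hosted domains changes shows whether the existing certificate still suffices.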