On Thu, 2004-05-06 at 16:13, [EMAIL PROTECTED] wrote:
> Is the reason you would want to do a self signed CA for a secure mail
> server that hosts multiple domains so when users connect thru POP or
> IMAP SSL, the domain name will match instead of having one blanket
> Cert that may not match each domain?
>

No. The reason to run a self-signed CA is so that you can have multiple machines running self-generated Certs and only have your domain users download one cert to read/accept them all. Once they accept your CA as an authorized authority, then they will also accept every cert that you sign.

You can then enable SSL for every server (with their own certificate) and not have to pay anyone a cent. This is very useful for larger, spread-out organizations like schools and universities.

Most folks just want to use SSL for the secure transport - they don't need the IP authentication (though they get that as well as long as they run a secure setup and don't hand out certs before doing some form of security audit of the request).

Jon Carnes
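The setup described in the message above, as an added example that is not part of the original post: one private CA signs a certificate per server, and a client that trusts only ca.crt accepts each of them for its own hostname. It assumes the openssl command-line tool is installed; the organisation name, hostnames and function names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: the organisation name and hostnames are made up.

make_ca() {      # $1 = work dir; writes ca.key (keep private) and ca.crt (give to users)
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -extensions v3_ca -subj "/O=Example Org/CN=Example Org Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {   # $1 = work dir, $2 = server hostname; the CA signs the server's CSR
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$2" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

client_accepts() {  # $1 = CA file the client trusts, $2 = server cert, $3 = hostname dialled
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_cert "$d" mail.example.org && issue_cert "$d" www.example.org || return 1
    for h in mail.example.org www.example.org; do
        client_accepts "$d/ca.crt" "$d/$h.crt" "$h" && echo "$h: accepted"
    done
    # A cert for one host presented under another name must still be refused.
    client_accepts "$d/ca.crt" "$d/www.example.org.crt" mail.example.org \
        || echo "www cert presented as mail.example.org: rejected"
    rm -rf "$d"
}

run_demo
```

Because every client that imports ca.crt accepts anything ca.key signs, the CA key belongs on a machine separate from the servers, and each signing request should be checked before a cert is issued.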
