Mailing List CGatePro@mail.stalker.com Message #104583
From: <rwebb@ropeguru.com>
Subject: Re: Certificates for multiple domains
Date: Wed, 06 Nov 2013 15:02:03 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>, Ron Smith <postmaster@pmbx.net>
X-Mailer: CommuniGate Pro WebUser v6.0.5
Can we not spam please?

On Wed, 6 Nov 2013 13:55:44 -0500
 Ron Smith <postmaster@pmbx.net> wrote:

Ron Smith, MD, 'The Pediatric Guide For Parents'

Want to know more about me and my family? Take a look at the free ebook about my daughter below. Forever And A Day For Laura Michelle

On Nov 6, 2013, at 9:34 AM, Karl Zander <cgplist@commpartners.com> wrote:

You should be secure.

It more about what the end user sees.

You have a certificate on mail.example.com.  Everyone connections to mail.example.com for SMTP/IMAP/POP/webmail etc.  Works as expected.

Now you add a domain, example.net.  The end user continues to setup their apps using mail.example.com.  Works as expected.  For webmail they login at

https://mail.example.com with their complete email address, user@example.net

But if they go to https://mail.example.net they get an error on the certificate.  Same if they try to setup SMTP/IMAP/POP using mail.example.net.

I don't get that error. But I do have secure ports set up so that for my server it would be, for example, https://mail.example.net:9100 and not https://mail.example.net also. Certificate is fine when I checked my setup.


Its about the use cases and end users exceptions.  If the end user expects their domain to identify them all the time, then using the certificate on the main server is not going to meet their expectations.

--Karl  On Tue, 5 Nov 2013 19:44:03 -0500
Ron Smith <postmaster@pmbx.net> wrote:
I have run a secure CG Server setup with multiple domains for the better part of 15 years. I only use one certificate for the primary domain. I am not sure that I see that there is an advantage of trying to use an IP address and certificate for all 70 of the domains that I host? Sending to and from the mail server is always secured with that one certificate? Ron

Ron Smith, MD, 'The Pediatric Guide For Parents'

Want to know more about me and my family? Take a look at the free ebook about my daughter below. Forever And A Day For Laura Michelle

On Nov 5, 2013, at 5:49 PM, Andrew Hotlab <andrew.hotlab@outlook.com> wrote:

Yes, it's another way to go, but not the only one, as I wrote. If you'd like to maintain a more flexible multi-domain configuration, I guess that using one certificate per domain (each CN associated to the domain name or alias, like "mail.secondary.domain") it would be a better solution.

Moreover, if you need to lower costs of your setup, remember that some CA as StartCom give you a Class 1 certificate for Server Authentication for free, only if the CN is a simple hostname.

Regards.

Andrew


To: CGatePro@mail.stalker.com
Date: Tue, 5 Nov 2013 14:28:33 -0500
From: mjstraw@iup.edu
Subject: Re: Certificates for multiple domains

With only one IP address, you'll need to get a new cert for your primary domain, and with your secondary domain(s) listed on it as "alternate subject names".

Install that same cert for all domains

Mark

On 11/5/2013 9:29 AM, Karl Zander wrote:
We have a server with a certificate using

mail.example.com

It has a single IP address.



We now want to add a second domain.

mail.example.net

With only a single IP address, can we add a certificate using mail.example.net? Does each domain need its own dedicated IP address for a certificate unique to that domain?

--Karl


--Karl Zander
 CommPartners
 www.commpartners.com

#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster