From: Oliver Koch
Organization: Rechenzentrum TU Clausthal
Date: Thu, 11 Mar 2010 17:00:22 +0100
To: CommuniGate Pro Discussions
Subject: Re: TLS and Certificates - Updated

Hi,

Matthew Black wrote:
> Wildcard certificates are NOT the way to go for large enterprises. They
> present a whole set of security problems because some sites offer dozens
> of services, each with its own certificate. Our university operates
> hundreds of servers. If a wildcard certificate gets compromised, EVERY
> service loses its security.
>
> Why can't CommuniGate figure out how to configure multiple certificates,
> say one for each service (IMAP, POP, WebUser) and a different set for
> each domain? Apache has been doing this for a very long time.

We use an SSL certificate which contains a main common name and several
alternate common names. So it isn't a wildcard certificate, but we have
only one certificate to connect to our server (it's only one server) by
different hostnames. Perhaps that might be a solution for Dana too?

Kind regards,
Oliver Koch

-- 
Oliver Koch                     Tel.: 05323/72-2626 | Fax: -3536
Rechenzentrum TU Clausthal      E-Mail: koch@rz.tu-clausthal.de
Erzstraße 51                    WWW: http://www.rz.tu-clausthal.de
D - 38678 Clausthal-Zellerfeld  Jabber: ok@jabber.tu-clausthal.de
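
As an added illustration (not part of the original message and not CommuniGate Pro code), the following Python example compares which hostnames a multi-name certificate like the one described above can be presented for with what a wildcard certificate covers. The hostnames under example.edu are constructed, and the matcher is a simplified RFC 6125-style check.

```python
# Added example; hostnames under example.edu are constructed placeholders.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Simplified RFC 6125-style match of one certificate dNSName against a hostname.

    A '*' is honoured only as the complete left-most label and stands for
    exactly one non-empty label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least "*.domain.tld" so a pattern like "*.edu" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def covered(cert_dns_names, hostnames):
    """Return the sorted hostnames this certificate (and its private key) can serve."""
    return sorted(
        host for host in hostnames
        if any(dns_name_matches(name, host) for name in cert_dns_names)
    )


# One mail server reachable under several names, as in the message above.
# Assumption: the main common name is also listed among the alternate names.
MULTI_NAME_CERT = [
    "mail.example.edu",
    "imap.example.edu",
    "pop.example.edu",
    "webmail.example.edu",
]
WILDCARD_CERT = ["*.example.edu"]

# Constructed inventory: the mail server's names plus unrelated campus services.
CAMPUS_HOSTS = MULTI_NAME_CERT + ["payroll.example.edu", "vpn.example.edu"]

if __name__ == "__main__":
    for label, names in (("multi-name", MULTI_NAME_CERT), ("wildcard", WILDCARD_CERT)):
        hits = covered(names, CAMPUS_HOSTS)
        print(f"{label}: key covers {len(hits)} of {len(CAMPUS_HOSTS)} hosts: {hits}")
```

If the key of the multi-name certificate leaks, only the listed mail hostnames are affected, while the wildcard key is valid for every single-label host in the zone.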