Subject: RE: TLS and Certificates - Updated
Date: Thu, 11 Mar 2010 10:35:24 -0600
Organization: Summit Financial Group
From: "dhazzard@yoursummit.com"
To: "CommuniGate Pro Discussions"

Thanks guys. I went with separate certificates for each server. Everything is working well so far.

-----Original Message-----
From: Oliver Koch [mailto:koch@rz.tu-clausthal.de]
Sent: Thursday, March 11, 2010 10:00 AM
To: CommuniGate Pro Discussions
Subject: Re: TLS and Certificates - Updated

Hi,

Matthew Black wrote:
> Wildcard certificates are NOT the way to go for large enterprises.
> They present a whole set of security problems because some sites offer dozens
> of services, each with its own certificate. Our university operates
> hundreds of servers. If a wildcard certificate gets compromised, EVERY
> service loses its security.
>
> Why can't CommuniGate figure out how to configure multiple certificates,
> say one for each service (IMAP, POP, WebUser) and a different set for
> each domain? Apache has been doing this for a very long time.

We use an SSL certificate which contains a main common name and several alternate common names. So it isn't a wildcard certificate but we have only one certificate to connect to our server (it's only one server) by different hostnames.

Perhaps that might be a solution for Dana too?

Kind regards,
Oliver Koch

--
Oliver Koch                     Tel.: 05323/72-2626 | Fax: -3536
Rechenzentrum TU Clausthal      E-Mail: koch@rz.tu-clausthal.de
Erzstraße 51                    WWW: http://www.rz.tu-clausthal.de
D - 38678 Clausthal-Zellerfeld  Jabber: ok@jabber.tu-clausthal.de
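
The three options weighed in this thread (a wildcard certificate, one certificate with several alternate names, a separate certificate per server), as an added example that is not part of any poster's message: it lists the hostnames each certificate would be accepted for, which is the set of services affected if that certificate's key is compromised. The hostnames and name lists are constructed, and the matching assumes the common RFC 6125 rule that `*` stands for exactly one leftmost label.

```python
# Added example: hostnames and certificate name lists are constructed,
# not taken from the thread.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style dNSName match: '*' is honoured only as the whole
    leftmost label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Common client restriction (assumed here): require at least two
        # fixed labels, so a pattern like '*.edu' never matches anything.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered_hosts(cert_names, hosts):
    """Hosts a client would accept this certificate for, i.e. the services
    open to impersonation if this certificate's private key leaks."""
    return sorted(h for h in hosts
                  if any(name_matches(n, h) for n in cert_names))


# Constructed inventory of service hostnames at one site.
HOSTS = ["mail.example.edu", "imap.example.edu", "webmail.example.edu",
         "registrar.example.edu", "payroll.example.edu"]

# Constructed certificates, each given as its list of dNSName entries.
CERTS = {
    "wildcard": ["*.example.edu"],
    "multi-name": ["mail.example.edu", "imap.example.edu",
                   "webmail.example.edu"],
    "per-server": ["mail.example.edu"],
}


def exposure_report():
    """Map each certificate label to the hosts its key compromise affects."""
    return {label: covered_hosts(names, HOSTS)
            for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, hosts in exposure_report().items():
        print(f"{label:10s} affects {len(hosts)} host(s): {', '.join(hosts)}")
```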