ssl certificate for multiple hostnames

Alain Spineux aspineux at gmail.com
Thu Jun 11 08:25:13 CEST 2009 

On Tue, Jun 9, 2009 at 2:55 PM, Liutauras
Adomaitis<liutauras.adomaitis at gmail.com> wrote:
> Hi all,
>
> I want to create ssl certificate for smtp, pop3, imap and http
> services on kolab box which will accept multiple hostnames. As in
> http://therowes.net/~greg/2008/01/08/creating-a-certificate-with-multiple-hostnames/
> it should be possible, isn't it?
>
> I'm not very good at understanding all the ssl stuff, but trying to ...
> Qustions:
> - Is it possible to have certificate which accepts multiple hostnames

Yes, you can ! But you cannot "host" multiple certificate on the same
IP and port because the certificate is the first thing the server
send, before to know to witch site you want to connect !
Most of the cheap certificate you will buy on the internet will not
allow you to manage multiple domain !

> (I have DNS server inside my lan and it is hosting kolab.local domain,
> but form outside I use kolab.com domain)

This is what you mean by multiple hostname ?

> - The link I refer to is saying  that I have to:
>  -- modify openssl.cnf file
>  -- create certificate request .csr
>  -- create selfsigned ca.
> Should I use kolab_ca.sh for that purpose?
> Which openssl.cnf file should I modify ( I see that scripts are
> creating temporary cnf files, so maybe edit scripts instead of
> /kolab/etc/openssl/openssl.cnf file)

Sorry I don't do this every day, cannot help you so easily

> What should I know more? maybe running kolab_ca.sh will make some
> undesirable changes.
> How to do that to have minimum effect on running services?

If you self sign you own certificate, you need to register your CA
certificate on all your client applications (like your browser).
Why not just trust your current certificate instead ! Just ignore the
message about the untrusted CA and accept the certificate.
Tell all your users to do the same.

>
> Thanks for any hints
> Liutauras
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
>



-- 
Alain Spineux
aspineux gmail com
May the sources be with you

More information about the users mailing list