Re: [Exim] More than one X509 Server Cert with different CN…

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [Exim] More than one X509 Server Cert with different CNs
On 2004-02-29 Uwe Guenther <uwe@???> wrote:
[...]
[Two A-records pointing to the IP address.]
> The hosts native name is frodo.cscc.de, so I have the setting in exim.conf:


> primary_hostname = mx.cscc.de


> My problem encounters while I want to provide two X509 certs, one
> for mx.cscc.de and a second one for mx.cscc.de to prevent a domain
> name mismatch if some clients look at the X509 CommonName - like
> Mozilla.


> So I need to get out the connected A Record.

[...]

Impossible. The programs look up the IP address and connect to it,
they do not connect to a hostname.

> So in my opinion I can use this only with a second $interface_address for my
> A Record like this:


> smtp.cscc.de.                   IN      A               80.190.249.59

[...]

Afaict using listing the second DNS name as subjectAltName in the
certificate should also work.
           cu andreas