Sun, 29.02.2004 at 16:15, Uwe Guenther wrote:
> Now my problem, I use two DNS A records to advertise my SMTP-Server:
>
> mx.cscc.de. IN A 80.190.249.58
> smtp.cscc.de. IN A 80.190.249.58
>
> The first should be the primary mx where other SMTP hosts deliver mail to me.
> The second will be used for thump clients like Mozilla, Netscape, etc. -
> say as a smarthost.
>
> The hosts native name is frodo.cscc.de, so I have the setting in exim.conf:
>
> primary_hostname = mx.cscc.de
>
> My problem encounters while I want to provide two X509 certs, one for mx.cscc.de
> and a second one for mx.cscc.de to prevent a domain name mismatch if some clients
> look at the X509 CommonName - like Mozilla.

subjectAltName gives you the opportunity of using more than one subject
CN (common name) in a host certificate.
If you're using OpenSSL to generate self-signed certificates:
a: Internet search on "subjectAltName" and PKIX
b: 'less openssl.cnf', look for "subjectAltName"
c: 'man x509', 'man ca', look for "subject"
If you're using a commercial CA, you could experience difficulty in
getting the issuer to implement subjectAltName; moreover it's possible
that old client versions might not understand it.
--Tonni
--
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
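
As an added example (not part of the original thread): generating one self-signed certificate with OpenSSL whose subjectAltName covers both names from the DNS records quoted above, then checking which names it lists. The config section names (`dn`, `v3_san`), the file names and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one self-signed cert for two host names via subjectAltName.
# Host names come from the A records in the thread; all else is constructed.

# make_san_cert DIR: write san.cnf, exim.key and exim.crt into DIR.
make_san_cert() (
    umask 077                      # keep the private key unreadable to others
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[ dn ]
CN = mx.cscc.de

[ v3_san ]
# Clients that honour subjectAltName match against these entries.
subjectAltName = DNS:mx.cscc.de, DNS:smtp.cscc.de
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/san.cnf" \
        -keyout "$dir/exim.key" -out "$dir/exim.crt" 2>/dev/null
)

# san_names CERT: print each DNS subjectAltName entry on its own line.
san_names() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# cert_covers CERT HOST: succeed only if HOST is listed exactly as a DNS SAN.
cert_covers() {
    san_names "$1" | grep -qxF "$2"
}

# Demo: build the certificate in a scratch directory and list its names.
demo_dir=$(mktemp -d)
make_san_cert "$demo_dir" && san_names "$demo_dir/exim.crt"
```

The resulting `exim.crt` and `exim.key` are what Exim's `tls_certificate` and `tls_privatekey` options would point to; running `cert_covers` against any name a client connects to shows a mismatch before a mail client does.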