Re: [Exim] Do I use the same TLS certificate on all my hosts…

Góra strony
Delete this message
Reply to this message
Autor: Mark Foster
Data:  
Dla: exim-users
Temat: Re: [Exim] Do I use the same TLS certificate on all my hosts?
Peter Klitgaard wrote:
> Hi
>
> Im am implementing TLS on my internet mail gateways.
>
> Do I use the same TLS certificate on all my servers, or is it best-practice
> to create unique certificates on each server.


AFAIK there is no best practice. Read RFC3207.
You could use what's called a "wildcard" certificate.
I would say choose your approach based on your situtation. If you are,
for instance, load-balancing 5 mail servers which are all referenced by
the same FQDN, you could use the same non-wildcard certificate. But if
your mail servers are not grouped in such a way, or they are referenced
(named) differently by different clients, consider a wildcard cert, use
completely difference certs or even rethink your naming scheme.

--
Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark@???> http://mark.foster.cc/