
Re: is possible to use different SSL certificates for different domains?

  • Birta Levente
    Message 1 of 16 , Feb 25, 2013
      On 25/02/2013 12:38, marcos gonzalez wrote:
      > Hi
      >
      > Thanks for the answer.
      >
      > I'm reading how more of you separates http of mail, is correct but If
      > you needs the same SSL certificate for more than one domain, and for
      > legal questions you can't include all domains in one certificate, I
      > don't know If postfix has the possibility to create a table domains
      > where you can say " for this domain this certificate". I know is a
      > very special case and not's typical to do, and for this I prefer to
      > comment to this list.
      >
      > If anyone knows how to create this rule, be grateful
      >

      I use multiple certificates on multiple domains with multiple postfix
      instances :)

      http://www.postfix.org/MULTI_INSTANCE_README.html
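
A sketch of the multi-instance layout suggested above, added here as an illustration and not taken from the post: each instance listens on its own IP address and presents its own certificate. The instance name, paths, hostnames and the 192.0.2.x addresses are assumptions.

```conf
# --- /etc/postfix/main.cf (default instance, shared hostname) ---
# Let postmulti(1) start and stop every instance together.
multi_instance_wrapper = ${command_directory}/postmulti -p --
multi_instance_enable = yes
# Config directories of the secondary instances (hypothetical path).
multi_instance_directories = /etc/postfix-customer-a

myhostname = mail.example.net
# Must NOT be "all": the secondary instance needs its own address.
inet_interfaces = 192.0.2.1, 127.0.0.1
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/mail.example.net.crt
smtpd_tls_key_file = /etc/postfix/tls/mail.example.net.key

# --- /etc/postfix-customer-a/main.cf (secondary instance) ---
multi_instance_name = postfix-customer-a
multi_instance_enable = yes
# Each instance needs its own queue and data directories.
queue_directory = /var/spool/postfix-customer-a
data_directory = /var/lib/postfix-customer-a

myhostname = mail.customer-a.example
# Dedicated address; DNS for mail.customer-a.example points here.
inet_interfaces = 192.0.2.10
smtpd_tls_security_level = may
# Certificate issued only for mail.customer-a.example.
smtpd_tls_cert_file = /etc/postfix-customer-a/tls/mail.customer-a.example.crt
smtpd_tls_key_file = /etc/postfix-customer-a/tls/mail.customer-a.example.key
```

The certificate a client receives is decided by the IP address it connects to, so every separately certified domain costs one address and one instance to maintain; private key files should be readable by root only.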
    • Reindl Harald
      Message 2 of 16 , Feb 25, 2013
        On 25.02.2013 21:54, Birta Levente wrote:
        > On 25/02/2013 12:38, marcos gonzalez wrote:
        >> Hi
        >>
        >> Thanks for the answer.
        >>
        >> I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more
        >> than one domain, and for legal questions you can't include all domains in one certificate, I don't know If
        >> postfix has the possibility to create a table domains where you can say " for this domain this certificate". I
        >> know is a very special case and not's typical to do, and for this I prefer to comment to this list.
        >>
        >> If anyone knows how to create this rule, be grateful
        >>
        >
        > I use multiple certificates on multiple domains with multiple postfix instances :)
        >
        > http://www.postfix.org/MULTI_INSTANCE_README.html

        have fun if you are growing up to 100, 200, 300, 500 domains

        your administration overhead will grow dramatically for zero
        benefit or you have sooner or later to go back to a unified
        servername

        the idiot who was admin before me also thought it is cool
        to have "mail.domain.tld" and communicate it for his 5
        domains, now as we have some hundred of them i am
        happy that i have made the step to unify it to "mail.thelounge.net"
        with ONE certificate and ONE ip-address for keep things simple
      • Birta Levente
        Message 3 of 16 , Feb 25, 2013
          On 25/02/2013 22:59, Reindl Harald wrote:
          >
          > On 25.02.2013 21:54, Birta Levente wrote:
          >> On 25/02/2013 12:38, marcos gonzalez wrote:
          >>> Hi
          >>>
          >>> Thanks for the answer.
          >>>
          >>> I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more
          >>> than one domain, and for legal questions you can't include all domains in one certificate, I don't know If
          >>> postfix has the possibility to create a table domains where you can say " for this domain this certificate". I
          >>> know is a very special case and not's typical to do, and for this I prefer to comment to this list.
          >>>
          >>> If anyone knows how to create this rule, be grateful
          >>>
          >> I use multiple certificates on multiple domains with multiple postfix instances :)
          >>
          >> http://www.postfix.org/MULTI_INSTANCE_README.html
          > have fun if you are growing up to 100, 200, 300, 500 domains
          >
          > your administration overhead will grow dramatically for zero
          > benefit or you have sooner or later to go back to a unified
          > servername
          >
          > the idiot who was admin before me also thought it is cool
          > to have "mail.domain.tld" and communicate it for his 5
          > domains, now as we have some hundred of them i am
          > happy that i have made the step to unify it to "mail.thelounge.net"
          > with ONE certificate and ONE ip-address for keep things simple
          >

          Absolutely right. But in my case (and possibly others) it's about 10
          domains ... and only 2 have different certificate/IP .... because
          ...well ... they have ... it's from situation to situation...
        • Reindl Harald
          Message 4 of 16 , Feb 25, 2013
            On 25.02.2013 22:39, Birta Levente wrote:
            >
            > On 25/02/2013 22:59, Reindl Harald wrote:
            >>
            >> On 25.02.2013 21:54, Birta Levente wrote:
            >>> On 25/02/2013 12:38, marcos gonzalez wrote:
            >>>> Hi
            >>>>
            >>>> Thanks for the answer.
            >>>>
            >>>> I'm reading how more of you separates http of mail, is correct but If you needs the same SSL certificate for more
            >>>> than one domain, and for legal questions you can't include all domains in one certificate, I don't know If
            >>>> postfix has the possibility to create a table domains where you can say " for this domain this certificate". I
            >>>> know is a very special case and not's typical to do, and for this I prefer to comment to this list.
            >>>>
            >>>> If anyone knows how to create this rule, be grateful
            >>>>
            >>> I use multiple certificates on multiple domains with multiple postfix instances :)
            >>>
            >>> http://www.postfix.org/MULTI_INSTANCE_README.html
            >> have fun if you are growing up to 100, 200, 300, 500 domains
            >>
            >> your administration overhead will grow dramatically for zero
            >> benefit or you have sooner or later to go back to a unified
            >> servername
            >>
            >> the idiot who was admin before me also thought it is cool
            >> to have "mail.domain.tld" and communicate it for his 5
            >> domains, now as we have some hundred of them i am
            >> happy that i have made the step to unify it to "mail.thelounge.net"
            >> with ONE certificate and ONE ip-address for keep things simple
            >>
            >
            > Absolutely right. But in my case (and possibly others) it's about 10 domains ... and only 2 have different
            > certificate/IP .... because ...well ... they have ... it's from situation to situation...

            so setup a virtual machine for them or explain them
            that it is useless - the argumentation is simple: price

            let them pay enough to maintain their VM's and if they
            do not want to pay, well, give them a setup which works
            for 100, 500, 1000, 5000 domains perfectly
          • /dev/rob0
            Message 5 of 16 , Feb 27, 2013
              On Mon, Feb 25, 2013 at 04:59:37PM +0000, Viktor Dukhovni wrote:
              > I see negligible benefit from an SNI implementation for Postfix.
              >
              > Is it time to add an anti-SNI rationale section to TLS_README? This
              > would set a bad precedent, there is no limit to the number of
              > non-features we could document.

              Rather than putting it in TLS_README, I think a FAQ would be more
              fitting. I know we used to have a FAQ document, but it has long ago
              been abandoned. We get a lot of the same questions here, and some
              ardent Googlers still stumble upon the old faq.html page.

              Perhaps rather than a DNS_README as you suggested in another thread,
              that could be worked into a FAQ? I agree, DNS is a vital subject to
              most MTA administrators, but here too it's not going to cover actual
              Postfix features, for the most part.
              --
              http://rob0.nodns4.us/ -- system administration and consulting
              Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
            • Fernando Maior
              Message 6 of 16 , Mar 3 1:50 PM
                Maybe we can put that into the Postfix documentation page, in the "Specific environments" section. Also, maybe DNS can be there, both are "environments" anyway...

                Just 2 cents...

                Best regards,
                ---
                Fernando Maciel Souto Maior

                On Wed, Feb 27, 2013 at 6:17 PM, /dev/rob0 <rob0@...> wrote:
                On Mon, Feb 25, 2013 at 04:59:37PM +0000, Viktor Dukhovni wrote:
                > I see negligible benefit from an SNI implementation for Postfix.
                >
                > Is it time to add an anti-SNI rationale section to TLS_README? This
                > would set a bad precedent, there is no limit to the number of
                > non-features we could document.

                Rather than putting it in TLS_README, I think a FAQ would be more
                fitting. I know we used to have a FAQ document, but it has long ago
                been abandoned. We get a lot of the same questions here, and some
                ardent Googlers still stumble upon the old faq.html page.

                Perhaps rather than a DNS_README as you suggested in another thread,
                that could be worked into a FAQ? I agree, DNS is a vital subject to
                most MTA administrators, but here too it's not going to cover actual
                Postfix features, for the most part.
                --
                  http://rob0.nodns4.us/ -- system administration and consulting
                  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
