Specify SSL Certs on per domain basis

Specify SSL Certs on per domain basis

Postby MC9000 » Tue Aug 26, 2014 1:03 am

I saw this feature in other mail server software (MS Exchange), and i think this would be wonderful if AMS had such a feature.
Right now, you can select only 1 SSL certificate for any service at a time. It would be nice to assign a cert for each domain.

So if you have mail.mydomain.com, mail.fredsdomain.com, mx.marysdomain.com you can have an SSL cert for each that will load when requested. Since SSL certs are not tied to IP addresses, but domain names, this shouldn't be too terribly hard to do and would be a HUGE improvement.
:D
MC9000
 
Posts: 12
Joined: Fri Dec 06, 2013 12:45 pm

Re: Specify SSL Certs on per domain basis

Postby Code Crafters » Wed Aug 27, 2014 7:10 am

This is one of many domain level features we'd love to build into a major future version of the software. It may be a while before this can happen as it's quite a major change but we definitely aim to do this.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: Specify SSL Certs on per domain basis

Postby EKjellquist » Wed Sep 24, 2014 2:07 pm

I'd be in favor of this update also; have had the luxury of utilizing a single domain with subdomains for some time, but beginning to need multiple domains serviced by a single mail server, and though it can ultimately work as is, you end up with security notifications on the client end that are sometimes tough to work around depending on the application. Power users or internal users don't have too much of an issue with this, but it makes for difficulty for users over the net at large to either specify certificate exceptions or have to download and install a cert manually.
EKjellquist
 
Posts: 96
Joined: Tue Sep 09, 2014 10:40 pm

Re: Specify SSL Certs on per domain basis

Postby EKjellquist » Tue Dec 05, 2017 2:54 pm

To build on this idea a little, we're also now using UCC SAN certificates for domains for use with Apache, IIS, etc and being able to specify / manage a single certificate with a single CN and several Subject Alternative Names (SANs) is helpful. Speaking to the above changes necessary to allow a per-domain basis of specifying an individual certificate (rather than one for the whole service) would it be possible to allow a multi-domain certificate like a UCC SAN to work with pro/enterprise versions of AMS that can run multiple domains? Insofar as it doesn't seem to matter which domain is the CN and which are the SANs for use with current webservers (provided your cert and key are legit), would it be a smaller, quicker modification to AMS to allow a single UCC cert for a service, which would at least be a compromise for those of us running multi-domain servers?
EKjellquist
 
Posts: 96
Joined: Tue Sep 09, 2014 10:40 pm

Re: Specify SSL Certs on per domain basis

Postby Code Crafters » Sat Dec 30, 2017 6:58 pm

Ability Mail Server may already allow this as it only presents the certificate via SSL and doesn't really care what the chain or individual certificate contents are. Have you tried this?
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: Specify SSL Certs on per domain basis

Postby Code Crafters » Sat Dec 30, 2017 7:01 pm

Ability Mail Server may already allow this as it only presents the certificate via SSL and doesn't really care what the chain or individual certificate contents are. Have you tried this?
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm


Return to Suggestions

Who is online

Users browsing this forum: No registered users and 1 guest

cron