Discussion:
ssl combining keys
Lloyd McNeil
2011-03-18 23:22:47 UTC
New qmail rocks 3.0 server runs like a champ. But need help with combining
keys.

I requested a new certificate no problem, cat the new cert. and matching
.key file together no problem. But on the client end I get an SSL error.

The certificate's CN name does not match the passed value.

If I change the outgoing mail server in the client to the servername it goes
through in a blink of an eye. Like it is supposed to, no message at all, and
sends the email on its way.

The problem is I have 80 or so domains and all their respective email
accounts set up with mail.theredomainname.xxx as the incoming and outgoing
servers.

Is there some way of passing the client's domain name through to the
certificate?
Daniel Llewellyn
2011-03-18 23:33:04 UTC
Post by Lloyd McNeil
The problem is I have 80 or so domains and all their respective email
accounts set up with mail.theredomainname.xxx as the incoming and outgoing
servers.
You will need to purchase a certificate with all the mail.domain.tld
hostnames specified in the subjectAltName field. This will probably cost
you a fortune for 80 domains, so I would suggest that you just tell your
users to change their incoming and outgoing servers to match the SSL cert.
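
The name check behind the answer above, as an added example that is not part of the original thread: it is a simplified RFC 6125-style matcher, and every hostname and certificate in it is constructed. It compares the server names configured in mail clients against a CN-only certificate, a single-domain wildcard, and a certificate listing each name in subjectAltName.

```python
# Added example: simplified RFC 6125-style name matching, not a TLS library's code.
# Every hostname and certificate below is constructed for illustration.

def dns_name_matches(pattern, host):
    """Compare one certificate name with the server name typed into the mail client."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # only a whole leftmost label may be a wildcard, with a real domain after it
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, configured_host):
    """cert: {"cn": str, "san_dns": [str, ...]}.

    The client checks the name it was configured with. A DNS alias (CNAME)
    pointing at the server does not change that name, so it cannot fix a mismatch.
    """
    # CN is consulted only when the certificate carries no subjectAltName dNSName.
    names = cert["san_dns"] or [cert["cn"]]
    return any(dns_name_matches(n, configured_host) for n in names)


def uncovered(cert, configured_hosts):
    """Return the client-side server names that would raise a name-mismatch error."""
    return [host for host in configured_hosts if not cert_covers(cert, host)]


# Constructed sample data: names set in the mail clients, and three certificate shapes.
CLIENT_HOSTS = ["mail.customer-a.example", "mail.customer-b.example", "mail.hosting.example"]
SINGLE = {"cn": "mail.hosting.example", "san_dns": []}
WILDCARD = {"cn": "*.hosting.example", "san_dns": ["*.hosting.example"]}
MULTI_SAN = {"cn": "mail.hosting.example", "san_dns": list(CLIENT_HOSTS)}

if __name__ == "__main__":
    for label, cert in (("CN only", SINGLE), ("wildcard", WILDCARD), ("multi-SAN", MULTI_SAN)):
        print(f"{label:10} mismatches: {uncovered(cert, CLIENT_HOSTS)}")
```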
Torsten Kersandt
2011-03-18 23:35:58 UTC
Hi Lloyd

As usual the information is a bit sparse.

Since last year all certificates issued are 2048-bit - a problem which can
be overcome if you still run 1024-bit certificates.

As far as I understand you need a server certificate validating the IP
address of your server to multiple DNS names.

Please clarify and if you think your server is secure, pass the DNS names
and server IP so I can have a deeper look.

Regards

Torsten
Torsten Kersandt
2011-03-18 23:43:33 UTC
PS: actually an IP address validation basic certificate is only $99 per
year if gone to the right source

Rapid SSL, Comodo and so on
Lloyd McNeil
2011-03-19 00:32:30 UTC
Yes I clued in on the 2048-bit right away.

I tried setting their DNS records up as aliases with CNAME; looks good from a
command prompt, as it returns the name of the server, but no go from the mail
client.

And I didn't know you could get a server certificate with an IP address as
CN name. But if the client email setup is still mail.theredomainname.tld
then it will fail as well. The only reason I didn't want to change the
client setup from using their domain names is that it makes it so easy to move
them around, i.e. server catastrophes and telco outages.
Torsten Kersandt
2011-03-19 14:40:40 UTC
Hiya

I just had a look at the prices and it's too expensive, it's called wildcard
premium at $1000 per year.

The best would be to have a certificate for the main host like
mail.yourdomain.com

And anyone who complains about the SSL warning, give that DNS name for the
email collection.

Regards

Torsten