Hi Peter!
Peter Saint-Andre schrieb:
Because it is maybe connecting for service.example.com but only has a
certificate for example.com. Sure this might be considered as
misconfiguration - and sure as well, that it would be better to have
a certificate for each domain.
I don't see why you need a separate certificate for each domain --
can't you have one domain with many instances of id-on-xmppAddr in the
subjectAltName?
Sure, that's possible too. But I guess the standard case for virtual
hosting is to have multiple certificates. It might be practicable to
have multiple services, that are subdomains of the same domain in the
certificate, but for multiple domains of different virtual servers, I
expect, that you get into problems to get this signed as soon as the
domains are owned by different persons/organisations. Another problem
with a single multi-domain certificate might be, that you have to get a
new certificate whenever you add a new service to the server.
Tot kijk
Matthias
