On Sun, Aug 08, 2021 at 10:50:48AM -0400, Wietse Venema wrote:
> I suppose that each client certificate will be valid only with a
> specific host, so you would have to update the sender_transport
> table to return a transport:nexthop result.
FWIW, the OP's question was:
Is it possible to control the certificate that is used per domain?
If per-domain means per destination nexthop regardless of sender, the
configuration would be simpler. Assuming just a small number of client
certs, just configure a separate transport for each client cert, and use
transport_maps to map the domain in question to that transport.
--
Viktor.
