On Sun, Aug 08, 2021 at 10:50:48AM -0400, Wietse Venema wrote: > I suppose that each client certificate will be valid only with a > specific host, so you would have to update the sender_transport > table to return a transport:nexthop result.
FWIW, the OP's question was: Is it possible to control the certificate that is used per domain? If per-domain means per destination nexthop regardless of sender, the configuration would be simpler. Assuming just a small number of client certs, just configure a separate transport for each client cert, and use transport_maps to map the domain in question to that transport. -- Viktor.