You should be able to add subjectAltName entries to the certificate so it will be good for multiple domains.
Craig Cudmore 613-868-7316 > On Feb 23, 2019, at 11:17 AM, Marc Chamberlin <m...@marcchamberlin.com> wrote: > > I hope I can follow in the footsteps of someone who has done this > already... My James server is going to be handling multiple domains, > each with its own set of sub-domains and I wish to use LetsEncrypt > certificates to handles the StartTLS or SSL/TLS connections that each > domain wants. Most of the examples shown on the internet show how to set > up a certificate for a single domain, not helpful! The instructions show > at https://james.apache.org/server/3/config-ssl-tls.html explain that > James uses a keystore which can store multiple certificates but then > there is this caveat - " You MUST have only one certificate in the > keystore file used by James." Really? Does this mean I have to create a > LetsEncrypt certificate with ALL the variants of -D <domainnames> for > ALL the domains that I want to support? That is going to be one heck of > a long command and difficult to maintain as I add and remove domains > from my server! I am confused and hoping there is an easier way to > manage this for James... (Wish this was handled like Apache HTTP server > does it, one separate certificate per domain which all the subdomains > included... This keystore complicates things IMHO..) So would appreciate > it is some kind guru could show me how to set up certificates for a > collections of domains so that I can also manage the various subdomains > as well. For example - > > www.domain1.com, mail.domain1.com, ftp.domain1.com, ssh.domain1.com, ... > www.domain2.com, mail.domain2.com, ftp.domain2.com, ssh.domain2.com, ... > www.domain3.com ... > ... > > All in one certificate??? Thanks for any advice in advance... Marc... > > > -- > Linux Counter --------------------------------------------------------------------- To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org For additional commands, e-mail: server-user-h...@james.apache.org
