Certificates for multiple domains

[sinopeach]

Any news on this?

As far as I see it the only ways to do it without Zimbra introducing support (How about some S/MIME while we're at it) is to:

1. Deploy one proxy server per client - use their own certs - this is feasible for those doing it in the cloud or with virtualisation

2. Purchase one of those hardware SSL agregator/load balancer units....

We are looking at both. Unless we can get a virtual appliance for the second one to make networking easier - then we will go with #1.

Of course it is another instance to patch, 6 more GB of disk gone and what not. But it isn't too much of an issue - again if using vSphere or similar.

[n.bochev]

Quote:

Originally Posted by Coilcore

Apache cannot do name-based virtual hosting with multiple certs, so if you want to go this route you will have to do IP based virtual hosting, which gets much more involved (mapping multiple IPs to one NIC, etc), which you will likely have to do a lot of surgury on Zimbra apache instance to make work.

Actually this is not true :

SSL/TLS Strong Encryption: FAQ - Apache HTTP Server

Quote:

It is possible, but only if using a 2.2.12 or later web server, built with 0.9.8j or later OpenSSL. This is because it requires a feature that only the most recent revisions of the SSL specification added, called Server Name Indication (SNI).