Hi All,
My server has two names:
1- mailhost.mydomain.br (for general purpouse)
2- webmail.mydomain.br (for web clients)
What is the best praticies to generate the csr certificate in this case? I am going to use CACert.
Should I use "common name" equal webmail.mydomain.br and "subjectAltNames" equal mailhost.mydomain.br or vice-versa?
If I use only one name in subjectAltNames my csr certificate there isn't SubjectAltName.
Look the command bellow.
[root@mailhost commercial]# /opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=BR/ST=Rio de Janeiro/L=Rio de Janeiro/O=My Company/OU=My Depart/CN=webmail.mydomain.br" -subjectAltNames "mailhost.mydomain.br"
...
[root@mailhost commercial]# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
subject=/C=BR/ST=Rio de Janeiro/L=Rio de Janeiro/O=My Company/OU=My Depart/CN=webmail.mydomain.br
SubjectAltName=
This also happen if I use the Administration Console.
But if I use more than one in SubjectAltName it works.
[root@mailhost commercial]# /opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=BR/ST=Rio de Janeiro/L=Rio de Janeiro/O=My Company/OU=My Depart/CN=webmail.mydomain.br" -subjectAltNames "mailhost.mydomain.br,mail.mydomain.br"
...
[root@mailhost commercial]# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
subject=/C=BR/ST=Rio de Janeiro/L=Rio de Janeiro/O=My Company/OU=My Depart/CN=webmail.mydomain.br
SubjectAltName= mailhost.mydomain.br, mail.mydomain.br
What should I do?
Best regards,
Bibo
Bugzilla
Wiki
Source
Howto create certificate for server with multiple names 
Linear Mode
