>> What if I have an SSL certificate for *.example1.com and I want any server name such as mail, pop, pop3, smtp to fall under that SSL certificate? I don't suppose I can set the A record under the Domain Settings to *.example1.com can I?
>>
>> Or would I set the A record to mail.example1.com and then assign the wildcard SSL certificate to that domain? Would it still accept connections for anything?
> Yes. That should work in most situations.
Brian,
As ChrisP says, that should work in most simple setups. From what I can see from my limited testing, you need to consider the following:
- The domain example1.com can have only one A record assigned in SurgeMail, e.g. mail.example1.com.
- A modern MUA will send the POP, IMAP or SMTP hostname as the SNI.
- If the SNI matches the A record setting of a SurgeMail domain (e.g., mail.example1.com), SurgeMail will return whatever SSL certificate is stored in surgemail/ssl/mail.example1.com.
- Otherwise, if the SNI request does NOT match any SurgeMail domain A record, SurgeMail will return the SSL certificate that is associated with the first (by order in surgemail.ini, says ChrisP) domain that is configured on the IP address of the request.
- Therefore, if you need to support pop.example1.com/imap.example1.com and pop.example2.com/imap.example2.com, you will need to either:
  - Configure example1.com and example2.com on different IP addresses, or
  - Obtain a multi-domain (UC, a.k.a. multiple-SAN) certificate that covers pop.example1.com, imap.example1.com, mail.example1.com, pop.example2.com, imap.example2.com, etc.
cf.
<http://www.sslshopper.com/special-ssl-certificate-types.html>
HTH
Chris (Ferebee, as distinct from P :)
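A small model of the two selection rules described above, added here as an illustration rather than SurgeMail's own code; the hostnames, IP addresses and certificate name lists are constructed. It shows why an SNI of pop.example2.com fails a client's hostname check when both domains share one IP, and that either remedy (separate IPs or one multi-SAN certificate) makes it pass.

```python
from typing import Optional

def hostname_matches(name: str, pattern: str) -> bool:
    """RFC 6125-style check: a leading '*' covers exactly one DNS label."""
    name, pattern = name.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return name == pattern
    n, p = name.split("."), pattern.split(".")
    return len(n) == len(p) and n[1:] == p[1:]

def cert_covers(cert: dict, hostname: str) -> bool:
    return any(hostname_matches(hostname, n) for n in cert["names"])

def select_cert(domains: list, ip: str, sni: Optional[str]) -> Optional[dict]:
    """Certificate the server presents, following the rules in the post:
    1. SNI equal to a domain's A-record hostname -> that domain's certificate.
    2. Otherwise -> certificate of the first domain (ini order) on that IP."""
    if sni:
        for d in domains:
            if d["a_record"].lower() == sni.lower():
                return d["cert"]
    return next((d["cert"] for d in domains if d["ip"] == ip), None)

def client_accepts(domains: list, ip: str, sni: str) -> bool:
    """Would an MUA's hostname check pass for a connection to ip with this SNI?"""
    cert = select_cert(domains, ip, sni)
    return cert is not None and cert_covers(cert, sni)

# Constructed sample: two domains on one IP, example1.com first in ini order,
# each with its own wildcard certificate.
SHARED_IP = [
    {"ip": "192.0.2.10", "a_record": "mail.example1.com",
     "cert": {"names": ["*.example1.com"]}},
    {"ip": "192.0.2.10", "a_record": "mail.example2.com",
     "cert": {"names": ["*.example2.com"]}},
]
# Remedy 1: give the second domain its own IP address.
SEPARATE_IPS = [SHARED_IP[0], dict(SHARED_IP[1], ip="192.0.2.11")]
# Remedy 2: one multi-SAN (UC) certificate installed for both domains.
UC_CERT = {"names": [f"{h}.{dom}" for dom in ("example1.com", "example2.com")
                     for h in ("mail", "pop", "imap")]}
MULTI_SAN = [dict(d, cert=UC_CERT) for d in SHARED_IP]

if __name__ == "__main__":
    for label, cfg, ip in (("shared IP", SHARED_IP, "192.0.2.10"),
                           ("separate IPs", SEPARATE_IPS, "192.0.2.11"),
                           ("multi-SAN cert", MULTI_SAN, "192.0.2.10")):
        print(label, "pop.example2.com ->", client_accepts(cfg, ip, "pop.example2.com"))
```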