On 10/15/05, Peter Palfrader <[EMAIL PROTECTED]> wrote:
> On Sat, 15 Oct 2005, Steinar H. Gunderson wrote:
>
> > On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote:
> > > There aren't that many good reasons for having one cert per service
> > > anyway
> >
> > ...except that if you have a certificate for hostname.domain.com and your
> > users connect to (say) imap.domain.com, they would get a warning dialog box?
>
> We can't know all the names that people will use to refer to your
> server, so this is one of the cases where you have to do stuff manually
> anyway.

AFAIK there's an extension to HTTP to allow multiple TLS vhosts on one host:port. In that case, there's no need to manually ask for the common name for the certificate. I hope the same is done for TLS in general but if not, at least individual protocols should support this.
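
An added example, not part of the original thread: a Python sketch of the name check a TLS client applies to a server certificate, showing why a certificate issued only for hostname.domain.com produces a warning for imap.domain.com. The function names and sample name lists are constructed for illustration, and the wildcard rule used here (whole left-most label only, at least two labels after it) is a conservative assumption rather than any particular client's implementation.

```python
def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate dNSName pattern covers hostname."""
    # DNS names compare case-insensitively; ignore a trailing root dot.
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans more than one label, so counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Assumption: reject overly broad patterns such as "*.com".
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial wildcards ("f*.domain.com") are treated as literals here,
    # so they never match a real hostname.
    return p_labels == h_labels


def names_not_covered(cert_dns_names, service_names):
    """List the service names for which clients would see a mismatch."""
    return [
        name for name in service_names
        if not any(dns_name_matches(p, name) for p in cert_dns_names)
    ]


if __name__ == "__main__":
    # Constructed sample: names users actually type into their clients.
    services = ["hostname.domain.com", "imap.domain.com"]
    # Constructed sample certificates, described by their dNSName lists.
    candidates = {
        "single name": ["hostname.domain.com"],
        "both names listed": ["hostname.domain.com", "imap.domain.com"],
        "wildcard": ["*.domain.com"],
    }
    for label, dns_names in candidates.items():
        missing = names_not_covered(dns_names, services)
        print(f"{label}: uncovered names = {missing}")
```

Running the same check over every name published in DNS for a host, before requesting the certificate, shows which names still need to be added by hand.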