Paul Hutchings wrote, at 03/18/2009 02:06 PM: > We may be getting a wildcard SSL cert shortly, which would allow us > under the licensing terms to use it on as many servers as we wanted. > > I currently have Postfix setup to support SSL/TLS using a self-signed > cert. > > As mail servers obviously work "hands off" and you don't have human eyes > to notice things such as "self signed cert" warnings, is there actually > any benefit/point in trying (very much a linux novice) to get the > wildcard cert in/running with Postfix?
MUAs will display such warnings if the server supports user submission of email. > I believe there are some issues that can be specific to wildcard certs > (Server Alternate Names has cropped up) that can mitigate this, but in > short, is it a good idea or a terrible idea? Wildcard certs imply multiple machines and services sharing a single key. Therefore, the first issue you need to resolve is whether or not this is a security risk for your environment. Is it appropriate for the SMTP/IMAP/HTTP/FTP/etc. admins to all have the ability to carry out a man-in-the-middle attack? Or should they each have their own key with its own wildcard cert? This is the most important aspect of maintaining a wildcard cert. You don't want some random (possibly disgruntled and/or former) employee to be able to create DNS hosts and install legitimate keys/certs on a machine of their own choosing. After that, a wildcard has its uses on a mail server, if you are supporting users in multiple subdomains that all exist at the same level. For server to server communications it's not critical, as most servers will still make the connection if verification fails.
