On 11/07/2014 07:11 PM, li...@rhsoft.net wrote:
> and it is smart to do it that way
> 
> other than for webservers you have not different contents for different
> hostnames but mandatory user authentication - so why waste time and
> money dealing with different hostnames and certificates?

I understand where you're coming from; it is a purely cosmetic
difference which affects one setting in a user's email client, but that
one setting is rather important to a lot of people.

> even a multi-domain certificate is a nightmare when you get new domains
> and need to replace it every time and even if SNI would be supported you
> likely will not have much luck with client support (and no, users don't
> use up-to-date software all the time - sad but true)

Someone mentioned that current versions of Thunderbird support it,
that's a good start.

Those clients that don't support it would be no different than they are
now.  They could either (1) use the fallback (provider) hostname to
connect to and get the correct certificate, or (2) accept the scary
popup that indicates the wrong certificate.

> until now nobody was able to tell me any benefit of multiple server
> names for a mailserver instead 1 hostname, 1 certificate and 1 PTR
> matching the A-record and HELO name with 100, 200, 300, 500 MX records
> in different domains pointing there

Right, but that's for the MX, we're talking submission server here.


Peter
