On Sat, Jun 18, 2022 at 09:05:07AM +1000, raf wrote:

> Even if the middle pair were in the right order, and
> even if they successfully replaced the first pair (which
> might not be a thing anyway), it would still end up with
> a single RSA certificate, not both.

Correct. For multiple MTA personalities there's SNI (generally not a good practice, we have MX records for serving multiple domains on a single SMTP server). This requires lookup tables that map various names to non-default certificate chains.

--
Viktor.
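
The following is an added illustration, not part of the original message or of any configuration posted in the thread. It assumes the MTA is Postfix 3.4 or later and sketches a default personality that offers both an RSA and an ECDSA chain, plus an SNI lookup table mapping names to non-default chains. All file paths and domain names are constructed placeholders.

```conf
# --- main.cf (constructed example; paths are placeholders) ---

# Default personality. Each PEM file holds a private key followed by
# its certificate chain, so listing two files offers both RSA and
# ECDSA rather than ending up with a single RSA certificate.
smtpd_tls_chain_files =
    /etc/postfix/tls/default-rsa.pem
    /etc/postfix/tls/default-ecdsa.pem

# Names received from clients via SNI are looked up in this table.
# A name with no entry gets the default chains above.
tls_server_sni_maps = hash:/etc/postfix/sni

# --- /etc/postfix/sni (constructed example) ---
# Left side: the SNI name, or a parent domain with a leading dot.
# Right side: key + chain files, same layout as smtpd_tls_chain_files.
mail.example.net    /etc/postfix/tls/example-net-rsa.pem /etc/postfix/tls/example-net-ecdsa.pem
.example.org        /etc/postfix/tls/example-org.pem

# Build the indexed table with file contents embedded:
#   postmap -F hash:/etc/postfix/sni
# Re-run postmap -F after every key or certificate renewal, because
# the table stores the file contents, not the file names.
```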