Dunno if I'm talking about the right thing or if this would help, but...
we have gone over to a single wildcard certificate for everything in the *.bard.edu domain (from Digicert)...this costs $495 for a single year, less for multiple years.
Then everything coming at a machine of the format: <somename>.bard.edu comes up valid. If the hostname is of the format <somename1>.<somename2>.bard.edu (or <somename1>.<somename2>...<somenameN>.bard.edu), then you have to explicitly list it when submitting the CSR, but you can list up to 10 host names for the certificate you generate for that machine when submitting the CSR........
Jan-Frode Myklebust wrote:
On 2009-01-06, Timo Sirainen tss@iki.fi wrote:
We're afraid that if we enable STARTTLS, many of our existing clients will automatically try using SSL towards the wrong name, and get ugly SSL warnings about certificate mismatch.
-jf
--
====
Once upon a time, the Internet was a friendly, neighbors-helping-neighbors small town, and no one locked their doors. Now it's like an apartment in Bed-Stuy: you need three heavy duty pick-proof locks, one of those braces that goes from the lock to the floor, and bars on the windows....
====
Stewart Dean, Unix System Admin, Bard College, New York 12504
sdean@bard.edu voice: 845-758-7475, fax: 845-758-7035
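The matching rule described in the message above, as an added example that is not part of the original e-mail: a wildcard entry covers exactly one left-most label, so deeper names must be listed explicitly. The function names and the sample host names are constructed for illustration, and the check lists which names clients use would still trigger a mismatch warning.

```python
# Added example (not from the original message). Host names are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name entry against a host name.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label; anything else is compared literally.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False          # different depth, or an empty label
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard ("*.edu" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(hostname: str, cert_names: list[str]) -> bool:
    """True if any name entry in the certificate matches the host name."""
    return any(name_matches(n, hostname) for n in cert_names)


def uncovered(hostnames: list[str], cert_names: list[str]) -> list[str]:
    """Names clients connect to that would produce a mismatch warning."""
    return [h for h in hostnames if not cert_covers(h, cert_names)]


# Constructed sample data: names clients might be configured with.
CLIENT_NAMES = ["mail.bard.edu", "MAIL.BARD.EDU", "imap.mail.bard.edu", "bard.edu"]
WILDCARD_ONLY = ["*.bard.edu"]
WITH_EXPLICIT = ["*.bard.edu", "imap.mail.bard.edu", "bard.edu"]

if __name__ == "__main__":
    print("wildcard only :", uncovered(CLIENT_NAMES, WILDCARD_ONLY))
    print("with explicit :", uncovered(CLIENT_NAMES, WITH_EXPLICIT))
```

Running the audit against the names clients are actually configured with, before enabling STARTTLS, shows which entries still need to be listed in the CSR.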