Ben wrote:
My (also limited, but growing) understanding of a server cert is that you can bind it either to an IP address or to a FQDN.
Not unless the IP address is the "name" you use as the server address. By this I mean, if you have mail.example1.com and mail.example2.com both bound to the same IP address 1.2.3.4, then you can only have an SSL certificate for one of those two names, or all users must refer to the server by its IP address exclusively (and the IP address will have to be the Common Name in the cert).
If you have more than one domain, and they are not related (in the sense that they are all known to users of each other), *and* hence you must use multiple SSL certificates, you must have multiple IP addresses bound to the server. This has nothing to do with what CA is used to sign the certs.
HTH
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748