[TriLUG] Re: Self Signed CA for mail server
Jon Carnes
jonc at nc.rr.com
Thu May 6 17:49:20 EDT 2004
On Thu, 2004-05-06 at 16:13, spain at ncssm.edu wrote:
> Is the reason you would want to do a self signed CA for a secure mail
> server that hosts multiple domains so when users connect thru POP or
> IMAP SSL, the domain name will match instead of having one blanket
> Cert that may not match each domain?
>
No.

The reason to run a self-signed CA is so that you can have multiple
machines running self-generated Certs and only have your domain users
download one cert to read/accept them all. Once they accept your CA as
an authorized authority, then they will also accept every cert that
you sign.

You can then enable SSL for every server (with their own certificate)
and not have to pay anyone a cent. This is very useful for larger
spread out organizations like schools and universities. Most folks just
want to use SSL for the secure transport - they don't need the ip
authentication (though they get that as well as long as they run a
secure setup and don't hand out certs before doing some form of security
audit of the request).
Jon Carnes
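
Added example (not part of the original post): the setup described above, done with the openssl command line. One CA signs certificates for two servers, so trusting ca.crt alone validates both, while a certificate the CA never signed is rejected. The example.org host names, file names and key sizes are assumptions.

```shell
#!/bin/sh
# Constructed demo: one private CA, two server certs, one trust anchor.
# Host names under example.org and all file names are assumptions.

make_ca() {       # $1 = work dir; creates the CA key and its self-signed cert
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Org/CN=Example Internal CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {    # $1 = work dir, $2 = server host name
    # The server makes its own key and a signing request (CSR)...
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    # ...and the CA operator, after vetting the request, signs it.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$2" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

self_signed() {   # $1 = work dir, $2 = name; a cert the CA never signed
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

trusted() {       # $1 = work dir, $2 = cert file; 0 if it chains to ca.crt
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d"
    for h in imap.example.org pop.example.org; do issue_cert "$d" "$h"; done
    self_signed "$d" rogue.example.org
    for c in imap.example.org pop.example.org rogue.example.org; do
        if trusted "$d" "$d/$c.crt"; then echo "$c: trusted via ca.crt"
        else echo "$c: NOT trusted"; fi
    done
    rm -rf "$d"
}
demo
```

Only ca.crt is distributed to users; ca.key stays with whoever vets and signs the requests.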