[Info-vax] SSL Certificates questions

[JF Mezei]

OK, so this isn't for VMS, but I figured the folks here are serious and
experienced... (chocolate.com used as an example).


Say I have:
	domain: 		chocolate.com
	one public IP address:	12.34.56.78
	Internet reverse DNS:	gw.chocolate.com

	lan server DNS:		velo.chocolate.com
	lan server IP:		10.0.0.20

There is a LAN DNS server which is authoritative for chocolate.com and
gives translations to the individual machines in the 10.*  IP range.
This DNS server only responds to requests that come from within the LAN.

On the internet, the same names are available, but they all translate to
12.34.56.78 (zone files hosted externally)  and the router then does
NAT/PAT to the appropriate server in the LAN.


I appear to require some certificates to allow a remote user to
authenticate to my smtp server.  And I would also like to support https:
transactions on www.chocolate.com

Initially, I would like to use a self signed certificate while I learn,
test, debug and then perhaps buy a real one.

I read about wildcard certificates. Is it really possible to have a
single certificate which would be valid for www, gw and smtp for
chocolate.com ?

Is a wildcard just specified as *.chocolate.com, or is it some option
when creating the certificate where you specify chocolate.com and
provide an option to validate anything before it ?

Is it also possible to have a certificate which would work when the
server thinks its IP address is 10.0.0.20 while the remote client thinks
the server's IP is 12.34.56.78 ?