Multi SAN Certificate creation and use

Beyond what Mac OS X Certificate Assistant and its SAN certificate creation path leads you through? (You can get at the Certificate Assistant tool in various ways including via Keychain menus. I usually pick the override defaults path when I'm creating a local certificate.) AFAIK, No. You do need functional DNS. What are the error message(s) around mail failing to start?

Is there an answer to this? I have the same problem with all certificates created within Server Admin. Renaming the cert files doesn't work, of course.

I'm thinking about trying to create a certificate via OpenSSL and use it. Sad thing is, I know very little about the intricacies of OpenSSL & creating certificates for OS X.

Thanks for any insight.

I finally got IMAP & POP services to launch using SSL. It had nothing to do with certificates and their names, or creating them in openssl, and everything to do with a botched dovecot.conf file, courtesy of Server Admin.

It appears that every time I changed the certificate for IMAP & POP SSL in Server Admin, it appended the new selection to the dovecot.conf file on 3 separate lines. The result was an unhealthy list of every certificate file Server Admin had ever been pointed to for this service.

After making a backup, I edited the file in pico (/etc/dovecot/dovecot.conf) down to the single cert file I wanted it to use and deleted the other entries. The most recent certificate happened to be first in the list, FWIW.

If you want to duplicate this, look for the lines beginning with:
"ssl certfile"
"ssl keyfile"
"ssl cafile"

Obviously you need to be careful in here. But I did not even have to bounce the service before it took my changes. Thankfully, Server Admin did not overwrite my edits (which I've seen happen with manual config of other services, such as the iChat service.)

Good luck, and let me know if I can provide more detail.