more than only one certificate per server

Hello,


We serve at work many customers within a client/server architecture
and would like to have different certs for different customer - but
we've only one server where all customers connect to.

Therefor I'm wondering, whether it is possible for a server providing a
SSL connection to its web service to accept more than only one
certificate.

--
MfG/Sincerely

Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3

toralf wrote:

> Hello,
>
>
> We serve at work many customers within a client/server architecture
> and would like to have different certs for different customer - but
> we've only one server where all customers connect to.
>
> Therefor I'm wondering, whether it is possible for a server providing a
> SSL connection to its web service to accept more than only one
> certificate.
>

A web service using SSL/TLS can accept more than one client certificate,
f.ex. one for each customer. If your web service supports specifying
certification authorities to sign client certificates (like apache does),
you can create a CA to sign client certificates. This would enable you to
issue new client certificates without reconfiguring your web service. And
if you can specify certificate revocation lists as well, you can also
revoke certificates without reconfiguration. But this depends on what the
server behind your web service supports.

What a web service can't do is present different server certificates to each
customer, except each customer would use his own IP/Port combination.

Hope it helps,
Felix Tiede