This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


Feb 14, 2017, 4:47 PM
1 Posts

SSL SHA-1 to SHA-2

  • Category: Administration
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 1

Hi,

Sorry in advance for what is probably a straightforward query; I would just appreciate some confirmation that I'm picking the best route.

We are currently running multiple internet sites on a single Domino server (Domino 8.5.3FP6 HF2336 for Windows/64).

We have both non-SSL and SSL configured (SHA-1 certs). I understand that we have to upgrade to 9, therefore we are moving to Domino 9.0.1.x (whatever the latest is currently) to support SHA-2.

Currently we are using the same wildcard cert for all SSL sites. I created a Domino keyfile and merged the single externally certified wildcard cert into it. It has been fine for some years.

If I wanted to move away from wildcard certs and use specific certs for each site, how many Domino keyfiles do I need on the server? Do I need one Domino keyfile for each site, or can I create one keyfile containing all the site SSL certs?

From what I can tell the CSR is generated from the information you entered in the keyfile. If I needed a different common name (for each site) then that would drive me towards multiple keyfiles. I'm not even sure if this is possible. I get a warning that a keyfile already exists in the current 8.5 cert admin.

Am I missing something?  If I have 15 SSL certs, what's the best way to ensure the internet sites can use them?

Hope this makes sense.

Appreciate anyone's time. Thanks in advance.

Feb 16, 2017, 2:03 PM
33 Posts
Do not use cert admin db

Hi,

To create new keyrings please follow the instructions here:

https://www-10.lotus.com/ldd/dominowiki.nsf/dx/3rd_Party_SHA-2_with_OpenSSL_and_kyrtool

How many certificates you need depends. In short and simplified: you need a certificate for every CN/hostname you use. So if all your 15 sites have different hostnames, you need 15 certs.

Alternatively you can use either wildcard certificates or "Subject Alternative Names" (SAN) in your certificate. The latter would mean one certificate per server with 14 SANs, which is quite expensive. I never used SANs in Domino, so you might want to double-check first.

Hope that helps,

Manuel
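As an added example (not from the original post, and not Domino or HCL code), here is a small Python helper that applies the per-hostname, wildcard and SAN options Manuel describes to a constructed list of sites: it checks which hostnames one certificate's CN and SAN entries actually cover under RFC 6125 matching rules, and counts how many certificates each option needs. The site list is constructed; the rule that a SAN-bearing certificate's CN is ignored by clients is the standard browser behaviour.

```python
"""Added example: which hostnames a certificate covers, and how many
certificates a site list needs per strategy (per host, wildcard, SAN)."""

# Constructed site list; not taken from the original post.
SITES = ["www.example.com", "shop.example.com", "mail.example.com",
         "example.com", "portal.example.net"]


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: exact, or '*' as the entire leftmost label.
    A wildcard covers exactly one label, so '*.example.com' matches
    'www.example.com' but neither 'example.com' nor 'a.b.example.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Reject '*.com', a '*' inside a label, and any label-count mismatch.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def accepted_names(cn: str, sans: list[str]) -> list[str]:
    """Names a TLS client checks: once any dNSName SAN is present the client
    ignores the CN, so the CN only counts on a legacy CN-only certificate."""
    return list(sans) if sans else [cn]


def coverage(cn: str, sans: list[str], sites: list[str]) -> tuple[list[str], list[str]]:
    """Split sites into (covered, not covered) for one certificate."""
    names = accepted_names(cn, sans)
    ok = [s for s in sites if any(name_matches(n, s) for n in names)]
    return ok, [s for s in sites if s not in ok]


def certs_needed(sites: list[str]) -> dict[str, int]:
    """Certificate count per strategy. Wildcards need one cert per distinct
    parent domain; a bare two-label domain cannot be wildcarded and needs
    its own certificate (or a SAN entry). One SAN cert covers everything."""
    wildcards, bare = set(), 0
    for site in sites:
        labels = site.lower().rstrip(".").split(".")
        if len(labels) >= 3:
            wildcards.add("*." + ".".join(labels[1:]))
        else:
            bare += 1
    return {"per_host": len(sites), "wildcard": len(wildcards) + bare, "san": 1}
```

Running `coverage("*.example.com", [], SITES)` shows the bare domain and the second parent domain falling outside a single wildcard, which is exactly why a wildcard or SAN plan needs to be checked against the real hostname list before buying certificates.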

