I am wondering if an SSL certificate would work and be accepted in the following circumstances. In each of these circumstances, one DNS name returns a CNAME record for another DNS name, and the client is connecting to the server based on the alias name:
1) The DNS name www.example.com returns a CNAME record for www.example2.com. The server at the IP address for www.example2.com is running a web server. A web browser connects to the site using the name https://www.example.com (resolving to the CNAME www.example2.com and subsequently to the IP address). The SSL certificate returned by the server is for only www.example2.com. Will/should the browser consider the certificate to be valid for this connection? Is this implementation-defined based on the browser that is being used, or is the behavior defined by a standard?
2) The DNS name mx.example.com returns a CNAME record for mx.example2.com. The server at the IP address for mx.example2.com is running a SMTP server with SSL support. A SMTP client (e.g. a mail transfer agent) connects to the server using the name mx.example.com (which it resolves to the CNAME mx.example2.com and subsequently to the IP address). The SSL certificate returned by the server is only for mx.example2.com. Will/should the client consider the certificate to be valid for this connection? Is this implementation-defined based on the client being used, or is this behavior defined by a standard?
3) The DNS name imap.example.com returns a CNAME record for imap.example2.com. The server at the IP address for imap.example2.com is running a IMAP server with SSL support. A mail application connects to the server using the name imap.example.com (which it resolves to the CNAME imap.example2.com and subsequently to the IP address). The SSL certificate returned by the server is only for imap.example2.com. Will/should the mail application consider the certificate to be valid for this connection? Is this implementation-defined based on the application being used, or is this behavior defined by a standard?
