Prior to using Zimbra, we used service-based hostnames, i.e. imap.company.com, smtp.ixico.com, webmail.company.com. I would like to continue doing this, but obviously this will cause some problems with the SSL certificates. I can sort out the Postfix one, but the Tomcat service ones are a problem. As far as I can see there are three options:

1 - Configure Tomcat to use separate certificates for the different services, based on the connection port - I don't think there's any (reasonably straightforward) way to do this though?

2 - Get a certificate with AlternativeNames for the other hostnames, but I can't see any reference to this in the forums or Wiki - would this work? If so, how do I go about creating the CSR?

3 - Get a wildcard certificate. This seems the most likely to work but will be the most expensive. There are also issues with Windows Mobile clients. If I just create the CSR with cn=*.company.com will that work? I've seen a few references to this in the forums but no definite statement that it will be OK - I'd be grateful if someone could confirm.

Are there any other ideas I haven't thought of?
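
For option 2, a single CSR can request several hostnames through the subjectAltName extension. The following is an added example, not part of the original post and not Zimbra's own tooling: it uses the stock openssl command line to build such a CSR and to read back the names it requests before it goes to a CA. The function names, file names and key size are assumptions; the hostnames are the post's placeholders.

```shell
#!/bin/sh
# Added example: CSR with one subjectAltName entry per service hostname.
# File names (san.cnf, server.key, server.csr) are assumptions.
# Usage: make_san_csr /tmp/csr webmail.company.com imap.company.com

make_san_csr() (
    # make_san_csr <output-dir> <common-name> [<alt-name>...]
    # Body runs in a subshell so the variables stay local to the function.
    dir=$1
    cn=$2
    shift 2
    cfg="$dir/san.cnf"
    i=1

    {
        printf '[req]\nprompt = no\n'
        printf 'distinguished_name = dn\nreq_extensions = v3_req\n'
        printf '[dn]\nCN = %s\n' "$cn"
        printf '[v3_req]\nsubjectAltName = @alt\n[alt]\n'
        # Clients that check subjectAltName ignore the CN once a SAN is
        # present, so the CN hostname has to be listed as a SAN as well.
        for name in "$cn" "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cfg"

    # New unencrypted 2048-bit RSA key plus the CSR that carries the SANs.
    openssl req -new -newkey rsa:2048 -nodes -config "$cfg" \
        -keyout "$dir/server.key" -out "$dir/server.csr"
)

csr_san_names() {
    # csr_san_names <csr-file>
    # Print the DNS names the CSR actually requests, one per line, so the
    # request can be checked before it is submitted.
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}
```

A CA may add, drop or reorder names when it issues the certificate, so the same read-back check is worth repeating on the issued certificate with `openssl x509 -noout -text`.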