it would be great if we could define multiple TLS certificates for Samba and let Samba choose the right key based on the SNI of the requesting client. This way Samba could for example get additional TLS sertificates for alias names which could be used by proxies or load balancers without having to mess with replacing the main AD controller TLS certificate of the DCs.