We are looking at implementing TLS on our C360 Email Appliances. I have looked into generating a CSR and am fine except for the hostname to use in the common name field.
I know that with secure websites it is the name of the website followed by the domain e.g. www.externaldomain.com, portal.externaldomain.com.
What hostname do you use with TLS with the Ironport email appliance?
I think that it is the external MX record name (mail.externaldomain.com) as this is what other email systems would be connecting to, but there is also the FQDN of the Ironport appliance and the hostname of the IP Interface for outgoing email (as this appears in the 'Received from' field when sending external emails).
Any advice would be much appreciated.
You should use the name defined in the PTR (reversed) DNS record of the sending IP address.
Normally that should be the same as the hostname used for your public interface and also the hostname used in your (E)HLO greeting.
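A consistency check for the naming rule in the reply above, as an added example that is not part of the original thread. It compares the PTR name of the sending IP with the (E)HLO name, the interface hostname and the DNS names in the certificate. The function names are hypothetical, the certificate is a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and all sample values are constructed.

```python
def cert_dns_names(cert):
    """DNS names a verifier would check, from a getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 6125: the CN is only a fallback when no DNS SAN exists
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def _norm(name):
    """Lower-case and drop the trailing dot that DNS answers carry."""
    return name.lower().rstrip(".")


def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole left-most label only."""
    p, h = _norm(pattern).split("."), _norm(host).split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h


def check_tls_identity(ptr_name, ehlo_name, interface_name, cert):
    """Return a list of mismatches; an empty list means every name agrees."""
    problems = []
    names = cert_dns_names(cert)
    if not any(name_matches(n, ptr_name) for n in names):
        problems.append(f"certificate names {names} do not cover PTR name {ptr_name}")
    for label, value in (("EHLO", ehlo_name), ("interface", interface_name)):
        if _norm(value) != _norm(ptr_name):
            problems.append(f"{label} hostname {value} differs from PTR name {ptr_name}")
    return problems


# Constructed sample data (not taken from a real appliance).
GOOD_CERT = {
    "subject": ((("commonName", "mail.externaldomain.com"),),),
    "subjectAltName": (("DNS", "mail.externaldomain.com"),),
}
CN_ONLY_CERT = {"subject": ((("commonName", "c360.internal.example"),),)}

if __name__ == "__main__":
    print(check_tls_identity("mail.externaldomain.com.", "mail.externaldomain.com",
                             "mail.externaldomain.com", GOOD_CERT))
    print(check_tls_identity("mail.externaldomain.com", "c360.internal.example",
                             "mail.externaldomain.com", CN_ONLY_CERT))
```

The second call reports two mismatches: the certificate was issued for the appliance's internal name, and the EHLO name does not match the PTR record.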