Multiple SSL Domains

Unanswered Question
Jun 7th, 2010

Can the Ironport C360 use more than one SSL certificate or can it use a multiple domain SSL certificate?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Tze Tai Mak Mon, 06/07/2010 - 05:36

AsyncOS 7.1 provides a number of enhancements to the TLS features on the Email Security appliance. One of them is:-

TLS per Listener

- You can assign a unique certificate per listener on the appliance for TLS connections. You can also assign a certificate to the HTTPS services on an IP interface, the LDAP interface, and all outgoing TLS connections.

john-copeland Mon, 06/07/2010 - 09:02

Thanks for that.

We have 12 domains for which we send and recieve emails.

Does this mean I need 12 listeners to install 12 SSL certificates onto?

I like to keep things simple so we only have 2 listeners, one for incoming mail and one for outgoing mail. Can I not install one multi domain SSL certificate onto each listener?

Ken Stieers Mon, 06/14/2010 - 09:57

Presumably they all resolve to 1 MX record?

If so you should only need one cert, the one for that 1 MX record.

john-copeland Tue, 06/29/2010 - 02:28

We have 12 MX records, one for each domain (otherwise we wouldn't receive email for


I have looked into this further and realised that the TLS connection is from the remote MTA to the Ironport (or vice versa), not the actual domain name, so we only need one SSL certificate for the Ironport hostname.

I have checked in the message tracking an we are sending and receiving over TLS for all domains.

Thanks anyway.


This Discussion