Multiple SSL Domains

john-copeland · ‎06-07-2010

Can the Ironport C360 use more than one SSL certificate or can it use a multiple domain SSL certificate?

Tze Tai Mak · ‎06-07-2010

AsyncOS 7.1 provides a number of enhancements to the TLS features on the Email Security appliance. One of them is:-

TLS per Listener

- You can assign a unique certificate per listener on the appliance for TLS connections. You can also assign a certificate to the HTTPS services on an IP interface, the LDAP interface, and all outgoing TLS connections.

john-copeland · ‎06-07-2010

Thanks for that.

We have 12 domains for which we send and recieve emails.

Does this mean I need 12 listeners to install 12 SSL certificates onto?

I like to keep things simple so we only have 2 listeners, one for incoming mail and one for outgoing mail. Can I not install one multi domain SSL certificate onto each listener?

Ken Stieers · ‎06-14-2010

Presumably they all resolve to 1 MX record?

If so you should only need one cert, the one for that 1 MX record.

john-copeland · ‎06-29-2010

We have 12 MX records, one for each domain (otherwise we wouldn't receive email for

them).

I have looked into this further and realised that the TLS connection is from the remote MTA to the Ironport (or vice versa), not the actual domain name, so we only need one SSL certificate for the Ironport hostname.

I have checked in the message tracking an we are sending and receiving over TLS for all domains.

Thanks anyway.