Install TLS / SSL for multiple domains using multiple certificates?
Question asked by Devang Shah - February 16, 2016 at 7:53 AM
We are using SM 14.x Enterprise edition on a Win 2012 R2 server. I need to install TLS / SSL to encrypt all mail.
  1. My primary IP is x.x.x.1 & I am using mail.mydomain.com, which is our primary domain
  2. All customers are currently configured using mail.customer1.com & mail.customer2.com & so on, with their respective MX records
  3. We need to encrypt all outgoing / incoming mail using TLS / SSL by default by installing SSL on the primary domain, i.e. mail.mydomain.com
  4. Two of my customers are willing to opt for dedicated IPs x.x.x.2 & x.x.x.3 & a digital certificate [Comodo SSL] to encrypt their mail traffic specifically [so I will have to install 3 digital certificates on the same server]
My queries:
Can I use multiple certificates such as Comodo SSL or similar to secure multiple domains on one server? Will SM support it?
Can I install one certificate for the main domain as secure.mydomain.com on the SM server & deploy two other certificates for two specific customers for their mail domains, i.e. mail.paidcustomer1.com & mail.paidcustomer2.com?
Will it encrypt all mail modes, such as the website, i.e. https://secure.mydomain.com, & mail clients such as Outlook/iPhone or Android, if another customer uses secure.mydomain.com in their POP3/SMTP settings & uses secure.mydomain.com as their web interface to check mail via the web?
Please guide us through the process & also please send a KB link as well if possible.
Thanks in advance

Martin Schaible Replied
February 17, 2016 at 5:06 PM
Interesting question, I actually need the answer soon, too. I think that this will work out.
First, forget the domains for a moment. We are now in the "Bindings". In "Port", you see the usual ports like "SMTP SSL", "POP SSL" and so on. All SSL ports are bound to a certificate. The ports have a binding to a dedicated IP address.
Now we can add an additional set of ports named e.g. "POP SSL customer 1", "SMTP SSL customer 1" and so on. These ports must be bound to a second certificate. Finally, these ports need to have a binding to a new IP address, which can be added under Bindings -> IP Addresses. Each IP address needs a valid host name, which can be added under "Bindings -> Hostnames".

I didn't test this scenario, but I'm pretty sure that this will work.
If you add a new domain, you can choose between the different IP-addresses for the outbound IPV4.
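
One way to confirm that each dedicated IP presents the certificate meant for it once bindings like those in the reply above are in place. This is an added example, not part of the thread and not SmarterMail tooling. The 192.0.2.x addresses stand in for x.x.x.1 to x.x.x.3, port 995 is assumed for the "POP SSL" bindings, and all function names are hypothetical.

```python
import socket
import ssl

# Constructed sample: the three bindings from the question, with the
# documentation range 192.0.2.0/24 replacing x.x.x.1-3 (assumption).
EXPECTED = [
    ("192.0.2.1", 995, "secure.mydomain.com"),
    ("192.0.2.2", 995, "mail.paidcustomer1.com"),
    ("192.0.2.3", 995, "mail.paidcustomer2.com"),
]

def fetch_cert(ip, port, hostname, timeout=5.0):
    """Connect to ip:port with implicit TLS and return the chain-validated peer cert."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared below so mismatches get reported
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def dns_names(cert):
    """DNS subjectAltName entries of a cert dict as returned by getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname

def check_bindings(expected, fetch=fetch_cert):
    """Return (ip, port, hostname, problem) for every binding that fails the check."""
    failures = []
    for ip, port, hostname in expected:
        try:
            names = dns_names(fetch(ip, port, hostname))
        except (OSError, ssl.SSLError) as exc:
            failures.append((ip, port, hostname, f"TLS error: {exc}"))
            continue
        if not any(name_matches(n, hostname) for n in names):
            failures.append((ip, port, hostname, f"certificate names {names}"))
    return failures

if __name__ == "__main__":
    for failure in check_bindings(EXPECTED):
        print("MISMATCH", *failure)
```

An empty result means every IP served a trusted certificate whose names cover the hostname clients will configure; a mismatch on one IP usually means its port set is still bound to the primary certificate.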

Vincent Hardick Replied
February 3 at 6:58 AM
Is there any update on this?

