How do I add SSL to multiple domains in Smartermail?
Question asked by Bruce Earnest - September 14, 2014 at 8:37 PM
Answered
I have two clients that want to enable SSL on their domains, how do I add their certificates and attach them to their specific domain?

6 Replies

0
We run all of our domains under SSL, with a single IP address.
 
Host headers in SmarterMail handle segregation of domains on IP address.
 
IIS handles the interface to the web and everything else is set up in DNS and via mapping of ports to IP address, single hostname to IP address mapping in SmarterMail.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
I can post a brief explanation here, but this assumes a good, solid, working knowledge of the following items:
 
  • IIS
  • DNS
  • IIS FORWARDING
We run a single IP address
 
ALL HOSTED DOMAINS MUST BE CONFIGURED TO USE THE SAME IP ADDRESS IN SMARTERMAIL
DISABLE the ENABLE PRIMARY IP ON FAILURE setting in SMTP OUT.
 
The PORTS are configured per the diagram and settings referenced here:
 
 
 
The public FQDN (fully qualified domain name) of our SSL SmarterMail connection is "securemail.chicagonettech.com"

Our primary IIS interface is SSL, and located at https://securemail.chicagonettech.com
 
Using the URL of any of our hosted domains forwards the request to https://securemail.chicagonettech.com
 
This handles all of the web access.
 
For the client (Outlook, Thunderbird, SmartPhone, Tablet, laptop, etc) access, all calls, POP, IMAP, and SMTP are made to securemail.chicagonettech.com - no matter what the client's domain name is.
 
The client then uses his or her e-mail address and password as their login information, just like they do when accessing via a web interface.
Bruce Barnes
ChicagoNetTech Inc
0
I can understand how Apache or IIS can be set up with virtual domains so companyone.com resolves to the same IP address as http://securemail.chicagonettech.com and a multi-name SSL cert is set up, but:
  • Does that cause issues with auto discovery when companyOne.com autodiscovers their mail server and connects, only to be told it is now at securemail.chicagonettech.com?
  • The autodiscover for mail - it must change domain names in the process, giving a "you were looking for CompanyOne.com but have connected to securemail.chicagonettech.com" type error or warning.
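
The name comparison behind the mismatch warning asked about above, as an added example that is not part of the original post or of SmarterMail: it checks each host name a client is configured with against the DNS names in the certificate the server presents. The certificates, `companytwo.com`, and the `autodiscover.` and `mail.` host names are constructed assumptions.

```python
"""Added example: the certificate name check a TLS mail client performs.
All certificates and client settings below are constructed for illustration."""

def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: exact, or '*' as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]   # reject patterns like '*.com'
    return p == h

def cert_dns_names(cert: dict) -> list:
    """DNS subjectAltName entries from a dict shaped like ssl getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def audit(client_settings: dict, cert: dict) -> dict:
    """Map each hosted domain to the (service, host) settings that the
    certificate does not cover, i.e. where a client would warn."""
    names = cert_dns_names(cert)
    bad = {}
    for domain, services in client_settings.items():
        for service, host in services.items():
            if not any(hostname_matches(n, host) for n in names):
                bad.setdefault(domain, []).append((service, host))
    return bad

# Constructed: certificate naming only the shared host from the thread.
SHARED_CERT = {"subjectAltName": (("DNS", "securemail.chicagonettech.com"),)}
# Constructed: multi-name certificate that also covers one client's names.
MULTI_CERT = {"subjectAltName": (
    ("DNS", "securemail.chicagonettech.com"),
    ("DNS", "*.companyone.com"),
)}
# Constructed client settings; every host except the shared one is hypothetical.
CLIENTS = {
    "companyone.com": {"imap": "securemail.chicagonettech.com",
                       "autodiscover": "autodiscover.companyone.com"},
    "companytwo.com": {"imap": "mail.companytwo.com",
                       "smtp": "securemail.chicagonettech.com"},
}

if __name__ == "__main__":
    for label, cert in (("shared", SHARED_CERT), ("multi-name", MULTI_CERT)):
        print(label, audit(CLIENTS, cert))
```

An empty result for a domain means every host name its clients use is covered by the certificate presented on that listener.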
0
So is there an answer to the original question?  What if I have clients who want their own, private IP Address and want a private TLS/SSL Certificate bound to their domain/IP?
 
Can I have three clients (domains), with three certificates, and three IP Addresses coexist in the same installation?
0
In 13.2, I'm curious how this could be set up? Suppose you have two domains:
 
1) mail.domain2.com bound to 10.1.1.2
 
2) mail.domain3.com bound to 10.1.1.3
 
While each domain can be bound to an IP within SmarterMail, when in Security > Bindings > Ports, there is no setting to bind port 465 independently to each IP so therefore only one SSL certificate can be bound to the SMTP port listening on 465. The only way I can see this working is if you assign a different alternate port for each protocol to which an SSL cert will be bound for the second domain.
 
Am I overlooking something?
 
Thanks!
 
Jason
0
The ports are bound, independently, to the IP addresses.
 
The IP addresses are then mapped to the host names.
 
So long as the OP has enough IP addresses, and his clients are willing to spend the money on the cost of the certificates, this is not a problem and can be handled by SmarterMail, using the standard IP addresses.  There's no reason to do custom port number mappings.
Bruce Barnes
ChicagoNetTech Inc