2
Setting up multiple domains each with a SSL cert
Question asked by Neal Culiner - 5/12/2017 at 1:55 PM
Unanswered
Hello,
 
I am adding domains to my SmarterMail 15 ENT configuration; actually I have multiple domains, and I'm setting up SSL for multiple domains. Previously it was just mine, the main one, that had a cert attached. I can't find any help in the KB area on how to do this. I'm assuming I have to duplicate all of the ports so that I can pair a cert with them and then bind the IP address for the domain to these new ports?
 
Thank you for any assistance on the proper way to do this.

8 Replies

0
Neal Culiner Replied
I have this working but I think having to create new sets of ports is not the right way to do this. The cert should be tied to the domain config and multiple domains can share ports, they don't need separate IP addresses just like multi-homing IIS. (Multiple bindings and server name verification). This would be a far cleaner approach to using a SSL CERT per domain. I'll figure out how to submit a feature request and discuss this with ST.
0
Employee Replied
Employee Post
Neal, we have added some discussion items on our end and will definitely take your feedback in mind for a future release.
 
Configuring a new set of ports for each domain would be the required configuration here to secure multiple domains. I understand this creates a bit of extra work to manage these ports; in SmarterMail 16 we've added a search feature in the Ports section to allow you to search for the specific port set. By editing the items returned in the search results, you would be able to bind them to the desired IPs.
 
You may also want to look into a unified communication certificate (also known as Multiple Domain SSL Certificates), which would give you the ability to secure multiple host names within a single certificate. This would allow you to have a single set of SSL bindings, simplifying the management of the certificate within SmarterMail.
 
Thank you for your feedback. Please let me know if you have any questions or concerns. 
1
Neal Culiner Replied
Thank you. I hope you saw the feedback I sent in via a feature request. As a developer myself I tell my team to design for 50,000 users, a load test design pattern per se. In the realm of SmarterMail think 1,000 domains. What if I was an email hosting company using your product and having to set up SSL on a large number of domains? Your current setup is far from ideal in handling this even as described in 16.x. I did see the multi domain SSL certs but they are limited to 5 I believe, not sure. I just opted for one per domain for now but the lesson learned is still valid, the method to bind to certs needs some careful thinking for larger scale users.
0
Employee Replied
Employee Post
Neal, just to confirm we did interpret this as a feature request. I agree with you that for large scale deployments this can be a pain to manage. We're kicking around a few ideas here on our end such as SNI and Let's Encrypt integration so improving the current state of SSL management is definitely on our radar.
0
Neal Culiner Replied
Yes, I'm good to go but was relaying the pain of it and ideas of doing it better in learning from it. It is a suggestion / feature request.
1
Stephen Smith Replied
Just kicking the thread back up in front. This has recently become an issue for our small development company. We have used this method currently: https://portal.smartertools.com/community/a393/how-do-i-add-ssl-to-multiple-domains-in-smartermail.aspx but now are getting a lot of client complaints because they are told (when setting up mail in Outlook or Apple Mail) that the connection we're telling them to use is 'insecure' and not safe. This is due to the fact that the client's email domain name is not the same as the domain the SSL was issued on.

I'm shocked this is not a giant issue for loads of small dev companies like mine.

Thanks,
Stephen



1
CTL Replied
@Neal @Stephen,

On my server I have purchased an SNI certificate from a third-party vendor and implemented it for all my SmarterMail clients.
It needs careful configuration, as all domains look at one port (143 & 25); it's quite complicated, and the certificate should be properly matched so that your multiple domains bind to the SSL certificate.

So far all my webmail enforced TLS 1.2.
0
Kyle Kerst Replied
Employee Post
You can also utilize the LetsEncrypt process to generate a single SSL certificate that covers all domains per our blog entry here: 

Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
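
The name mismatch described in Stephen's reply, and the multi-domain certificate suggested in the employee replies, can be checked before mail clients run into it. The following is an added example, not part of the original thread and not SmarterTools code; the hostnames and SAN entries are constructed samples, and port 993 (implicit-TLS IMAP) is an assumption about the listener being tested.

```python
import socket
import ssl

# Constructed sample data: SAN entries of one shared certificate and the
# hostnames customers are told to enter in Outlook or Apple Mail.
SAMPLE_SANS = ["mail.example.com", "*.example.net"]
SAMPLE_CLIENT_HOSTS = ["mail.example.com", "mail.example.net",
                       "mail.example.org", "a.b.example.net"]


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' may only be the entire left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label, never several
    if p_labels[0] == "*":
        # Reject over-broad patterns such as '*.com'.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(san_dns_names, client_hostnames):
    """Hostnames that would trigger a name-mismatch warning in a mail client."""
    return [h for h in client_hostnames
            if not any(san_matches(s, h) for s in san_dns_names)]


def fetch_san_dns_names(host: str, port: int = 993, timeout: float = 5.0):
    """Read DNS SAN entries from the certificate served for `host` (sent as SNI)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared above
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Offline run against the constructed data; for a live server, pass
    # fetch_san_dns_names("<your mail hostname>") as the first argument.
    for host in uncovered_hosts(SAMPLE_SANS, SAMPLE_CLIENT_HOSTS):
        print(f"certificate does not cover {host}")
```

Running it for every hostname you hand out to customers shows which domains still need their own certificate or an additional SAN entry.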
