Setting up multiple domains each with a SSL cert
Question asked by Neal Culiner - May 12, 2017 at 1:55 PM
Unanswered
Hello,
 
I am adding domains to my SmarterMail 15 ENT configuration, actually I have multiple domains, I'm setting up SSL for multiple domains. Previously it was just mine, the main one that had a cert attached. I can't find any help in the KB area on how to do this. I'm assuming i have to duplicate all of the ports so that I can pair a cert with it and then bind the IP address for the domain to these new ports?
 
Thank you for any assistance on the proper way to do this.

5 Replies

Reply to Thread
0
Neal Culiner Replied
I have this working but I think having to create new sets of ports is not the right way to do this. The cert should be tied to the domain config and multiple domains can share ports, they don't need separate IP addresses just like multi-homing IIS. (Multiple bindings and server name verification). This would be a far cleaner approach to using a SSL CERT per domain. I'll figure out how to submit a feature request and discuss this with ST.
0
Von-Austin See Replied
Employee Post
Neal, we have added some discussion items on our end and will definitely take your feedback in mind for a future release.
 
Configuring a new set of ports for each domain would be the required configuration here to secure multiple domains. I understand this creates a bit of extra work to manage these ports; in SmarterMail 16 we've added a search feature in the Ports section to allow you to search for the specific port set. By editing the items returned in the search results, you would be able to bind them to the desired IP's. 
 
You may also want to look into unified communication certificate (also known as Multiple Domain SSL Certificates) which would give you the ability to secure multiple host names within a single certificate. This would allow you have a single set of SSL bindings simplifying the management of the certificate within SmarterMail.
 
Thank you for your feedback. Please let me know if you have any questions or concerns. 
Von See
Technical Support Supervisor
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Neal Culiner Replied
Thank you. I hope you saw the feedback I sent in via a feature request. As a developer myself I tell my team to design for 50,000 users, a load test design pattern per se. In the realm of SmarterMail think 1,000 domains. What if I was an email hosting company using your product and having to setup SSL on a large number of domains? Your current setup is far from ideal in handling this even as described in 16.x. I did see the multi domain SSL certs but they are limited to 5 I believe, no sure. I just opted for one per domain for now but the lesson learned is still valid, the method to bind to certs needs some careful thinking for larger scale users.
0
Von-Austin See Replied
Employee Post
Neal, just to confirm we did interpret this as a feature request. I agree with you that for large scale deployments this can be a pain to manage. We're kicking around a few ideas here on our end such as SNI and Let's Encrypt integration so improving the current state of SSL management is definitely on our radar.
Von See
Technical Support Supervisor
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Neal Culiner Replied
Yes, I'm good to go but was relaying the pain of it and ideas of doing it better in learning from it. It is a suggestion / feature request.

Reply to Thread