2
ssl on multiple domains for web login
Question asked by dean brown - 5/7/2019 at 1:34 PM
Answered
SM 15
IIS set up with just 1 website (called SmarterMail) and bindings on 1 IP for both port 80 and 443 with no hostname. The SSL cert is on our main mail server domain name.

How do I add SSL to the web logins for some/all the other mail domains we host? Using Let's Encrypt would be great as well (over a paid one), but not necessary.

Thanks

6 Replies

0
Kyle Kerst Replied
Employee Post Marked As Answer
I believe this is exactly what you're looking for: https://www.smartertools.com/blog/2017/08/14-secure-smartermail-with-lets-encrypt 
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Kyle Kerst Replied
Employee Post
Essentially you'll need to configure bindings in IIS for each hostname you want set up in SmarterMail with an HTTPS connection, then run through that process linked above to generate SSL certificates for them. It's pretty straightforward, but please don't hesitate to reach out if you get stuck.
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
dean brown Replied
Thanks Kyle - I have about 50 sites. Since I don't have any Host Headers assigned, they all work. 

Looks like I'll need to add each one (for both port 80 and 443) in the bindings first?

How about "Require Server Name Indication". I have that turned on on a web server that I use Let's Encrypt with.
0
Kyle Kerst Replied
Employee Post
Hello Dean, you're very welcome. Correct, Let's Encrypt (Certify client) will not request certificates for any domains other than the ones already set up as port 80 (HTTP) bindings in IIS. So once all the HTTP bindings are in place and verified working, you just run the Certify client to generate and verify SSL certificates for them. Certify will also automatically install the port 443 (HTTPS) bindings once verification completes. Server name indication and whether or not you use it largely depends on the server, software environment and configuration, and your average client devices, as some will support SNI and others will not. For maximum security you'll want to enable SNI across the board.
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
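
The binding step described in the reply above, sketched in PowerShell as an added example that is not part of the original thread or SmarterTools' own tooling. It assumes the IIS `WebAdministration` module, the site name `SmarterMail` from the question, and constructed sample hostnames; the audit half is meant to be run after the certificate client has finished.

```powershell
Import-Module WebAdministration

$site = 'SmarterMail'                                   # IIS site name from the question
$hostnames = @('mail.example.com', 'mail.example.net')  # constructed sample hostnames

# Step 1: add a port 80 binding with a host header for each hostname (skipped if present).
foreach ($h in $hostnames) {
    $existing = Get-WebBinding -Name $site -Protocol http -Port 80 -HostHeader $h
    if (-not $existing) {
        New-WebBinding -Name $site -Protocol http -Port 80 -IPAddress '*' -HostHeader $h
        Write-Host "Added HTTP binding for $h"
    }
}

# Step 2 (run after the certificate client has finished): audit the HTTPS bindings.
$https = Get-WebBinding -Name $site -Protocol https | ForEach-Object {
    [pscustomobject]@{
        # bindingInformation is "ip:port:host"; the host header is the last field
        HostHeader = $_.bindingInformation.Split(':')[-1]
        Binding    = $_.bindingInformation
        # The value 1 in sslFlags means "Require Server Name Indication"
        SniEnabled = (($_.sslFlags -band 1) -eq 1)
    }
}

foreach ($h in $hostnames) {
    $match = $https | Where-Object { $_.HostHeader -eq $h }
    if (-not $match) {
        Write-Warning "$h has no HTTPS binding yet"
    } elseif (-not ($match | Where-Object SniEnabled)) {
        Write-Warning "$h has an HTTPS binding without SNI"
    } else {
        Write-Host "$h OK (HTTPS binding with SNI)"
    }
}

# Bindings with an empty host header answer for every name on that IP and port
$https | Where-Object { $_.HostHeader -eq '' } |
    ForEach-Object { Write-Host "Catch-all HTTPS binding: $($_.Binding)" }
```

The catch-all report at the end shows whether the original no-hostname 443 binding is still in place alongside the per-host ones.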
0
Stephen Smith Replied
Kyle,
I have a paid installation ticket (1A3-24893B82-001C) in with Tony, ongoing right now, in which I think your comments above are part/complete solution to the problems we're experiencing.

Could someone look at that ticket for me and see if this is a good/bad solution?

Many thanks,
Stephen
0
CTL Replied

I have set up my server with a multiple-SSL configuration. Purchase an SNI certificate from any SSL vendor; the SNI certificate will be very useful for multiple domains. I have hosted all my sites on a different server and the mail service on a different server, so the main site SSL does not help for hosting the mail service. (Let's Encrypt)

For example, some of the SSL vendors provide bulk purchase options for 5, 10, 15, etc. domains to implement in IIS.

