mapi connection domain certificate
Question asked by Richard Frank - 8/30/2020 at 2:07 PM
my mailserver has the url mail.soko.nl with certificate setup etc
can I use that domain and cert for a mapi connection for an other domain on the server?
I have test address richard@3r.nl
so I enabled mapi and autodiscover for that domain in the admin control panel
I created a srv dns record in the 3r.nl domain _autodiscover._tcp.3r.nl

but I can't authenticate when setting up a mapi account in outlook, it says it can't create a encrypted connection, click next if you want to connect without encryption, then it fails.

what do I need more? Do I need te create a ssl cert for every domain on my mailserver I host? 

3 Replies

Reply to Thread
Richard Frank Replied
I created the srv record saying to look at mail.soko.nl
I created cname autodiscover.3r.nl but outlook then says certificate isn't allright. looking for cert for autodiscover.3r.nl but finding mail.soko.nl

Kyle Kerst Replied
Employee Post
Hello Richard. Unfortunately no, your certificate for your primary domain will not work on customer domains. Most email clients and mobile devices default to customer-domain.com, mail.customer-domain.com, or autodiscover.customer-domain.com when probing for account set up details, and so it is best to have these hostnames set up to terminate on the SmarterMail server, then implement an SSL certificate that can cover all of these required hostnames in IIS. A good way to go about that is using Lets Encrypt as you'll see here: 

Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
Douglas Foster Replied
Try changing the autodiscover entry on the customer domain from an A record (your server IP address) to a CNAME record (your certificate host name).   Of course, you still need an A record that maps your certificate host name to an IP address, but I assume that this is already in place.   I think this will allow the existing certificate to validate successfully.

Reply to Thread