2
SNI ssl
Question asked by Sabatino - 1/2/2023 at 9:35 AM
Answered
Unfortunately I haven't had time yet to install the beta on a test VM.
But I have a curiosity. I've read about many new features but I haven't found any reference to SNI SSL support.
Has it been implemented?
Sabatino Traini
Chief Information Officer
Genial s.r.l.
Martinsicuro - Italy

9 Replies

0
Tim Uzzanti Replied
Employee Post Marked As Answer
It has not.  It requires .NET core.  We are another step closer with this release.
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Kyle Kerst Replied
Employee Post
In the meantime though, Sabatino, the Let's Encrypt/Certify system now includes built-in export functionality (for PFX export) in their post-deployment steps section, so this makes using Certify a little easier if you don't want to automate it completely.
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Jay Dubb Replied
You can also use a PowerShell script to export the certificate to a file, and put that file where you would normally keep your SmarterMail certificate. Keep the same certificate file name each time, so you don't have to keep updating it in the SM config. Run the script periodically with Task Scheduler to automate the process so that SM is always using a current/valid certificate.
1
Sabatino Replied
I already do this with Certify The Web and a PowerShell script.

However, it requires a restart of the SmarterMail service and I don't like this at all.

Besides, a direct method would certainly be better.
Sabatino Traini
Chief Information Officer
Genial s.r.l.
Martinsicuro - Italy

0
Kyle Kerst Replied
Employee Post
@Sabatino: The PowerShell/Certify/Let's Encrypt method shouldn't require a restart of the mail service. Does it just not see the updated PFX until you restart?
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Sabatino Replied
Yes, that was what I meant.
If I need to create a custom SSL for a single domain, I have to restart the mail service.
Sabatino Traini
Chief Information Officer
Genial s.r.l.
Martinsicuro - Italy

0
Zach Sylvester Replied
Employee Post
Hey guys,

Instead of using the PowerShell method, I found a better method.
You can just create a deployment task inside of the Certify client itself.
This is way less work and a lot easier. I'm going to update the Let's Encrypt KB next week with this info.
You shouldn't have to restart the mail service for the new certificate to work.
Do you think you could open a ticket with us, Sabatino, so we can look into that further?
Something that I have noticed with the Let's Encrypt script is that sometimes it will export the wrong certificate if you do not have your certificate cleanup set up correctly.
But anyway, this is definitely something that we would like to help you with.

So please reach out when you can or let me know and I can open the ticket for you. 

Kind Regards, 


Zach Sylvester
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
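
Added example (not part of any post in this thread, and not SmarterTools' or Certify's own script): a PowerShell export step of the kind Jay Dubb describes, written to avoid the wrong-certificate export Zach mentions by picking only the newest currently valid certificate for one host name and writing it to a fixed path. The host name, file paths and password file are assumptions.

```powershell
# Added example. Host name, paths and the password file are assumptions,
# not SmarterMail or Certify defaults.
param(
    [string]$DnsName  = 'mail.example.com',           # assumed certificate host name
    [string]$PfxPath  = 'C:\Certs\mail.pfx',          # assumed fixed path the mail server reads
    [string]$PassFile = 'C:\Certs\pfx-password.txt'   # assumed output of ConvertFrom-SecureString
)
$ErrorActionPreference = 'Stop'
$now = Get-Date

# Only certificates with a private key, valid right now, that list the host name.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode -contains $DnsName)
    } |
    Sort-Object -Property NotBefore -Descending |   # newest issuance first
    Select-Object -First 1

if (-not $cert) {
    throw "No valid certificate for $DnsName in LocalMachine\My; existing PFX left untouched."
}

# DPAPI-protected password: readable only by the account that created the file,
# so the scheduled task must run as that same account.
$password = Get-Content -Path $PassFile | ConvertTo-SecureString

# Skip the export when the file already holds this certificate.
$current = $null
if (Test-Path -Path $PfxPath) {
    try { $current = (Get-PfxData -FilePath $PfxPath -Password $password).EndEntityCertificates }
    catch { }   # unreadable or foreign file: fall through and re-export
}
if ($current -and ($current.Thumbprint -contains $cert.Thumbprint)) {
    Write-Output "PFX already current ($($cert.Thumbprint))."
    return
}

# Export to a temporary file, verify it, then replace the live file in one move.
$tmp = "$PfxPath.new"
Export-PfxCertificate -Cert $cert -FilePath $tmp -Password $password | Out-Null
$check = (Get-PfxData -FilePath $tmp -Password $password).EndEntityCertificates
if ($check.Thumbprint -notcontains $cert.Thumbprint) {
    Remove-Item -Path $tmp
    throw "Exported PFX does not contain the expected certificate."
}
Move-Item -Path $tmp -Destination $PfxPath -Force
Write-Output "Exported $($cert.Thumbprint), expires $($cert.NotAfter)."
```
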
0
Roger S. Replied
Hello Zach

We have exactly the same situation as Sabatino and after generating the certificate and porting it as PFX, we then have to restart the mail server service with a PowerShell script. The restart sometimes takes quite a long time (about 1 minute).

What also bothers me a lot is that we have to enter all customer domains into the same certificate and export it as PFX. Is there no way that we only have to enter the mail server primary domain and it still works for the customers without certificate errors?

Or that each customer has its own certificate for the mail server?

Thanks and greetings

Roger
0
Andrea Free Replied
Employee Post
Hi Roger, 

I'm afraid I don't have an alternative setup to suggest for your certificate setup at this time. However, when we're able to implement SNI support, it'll help alleviate some of the headaches surrounding the certificate setup per domain. 

That said, with the method Zach suggested, you shouldn't have to restart the mail service for the new certificate to work. If you're still having trouble with that setup, please submit a support ticket and we can help you through it. 

Andrea Free
SmarterTools Inc.
877-357-6278

www.smartertools.com
