Back to Community Threads
New SNI certificate management and IIS configuration: must the bindings of the various IIS domains always be configured manually or does SmarterMail do it automatically?
Question asked by Gabriele Maoret - SERSIS - 2/20/2024 at 2:06 AM
Unanswered
I (finally!...) switched to the latest version of SmarterMail (v. 8804 custom build...) on my main server too.

Now it's a matter of reconfiguring everything to use SNI, because I'm currently using CertifyTheWeb with just 1 FQDN, the same for all the different email domains, and so far it has worked (and still continues to work) great (making me wonder why on earth we would change ...)...

Now my questions are the following:

1 - on the SmarterMail IIS site is it necessary to configure a BINDING for each mail.domainname.xxx and each autodiscover.domainname.xxx for each individual email domain? Or can you set up some sort of wildcard binding to make things easier?

2 - if by chance from question 1 the answer was that all the individual IIS bindings of the various domains must be configured separately, does it necessarily have to be done manually or does SmarterMail take care of it automatically?


In any case, can you post a correct example of how the IIS bindings should be configured with the new SNI system (maybe even with some explanatory screenshots)?
Gabriele Maoret - Head of SysAdmins and CISO at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
Kyle Kerst Replied
2/20/2024 at 7:24 AM
Employee Post
Hi Gabriele! First, it is necessary to add individual HTTP bindings for each hostname you want covered by an SSL certificate. But, once you've enabled SSL Certificates in SmarterMail you should see the corresponding HTTPS bindings added automatically. If you have the Centralized Certificate Store feature configured in IIS we'll configure the HTTPS binding to use that, otherwise we point it directly to the newest PFX in the certificates directory. 
Kyle Kerst
Lead Internal Network/System Administrator
SmarterTools Inc.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
SmarterMail for Linux – SSL/TLS & Certificate ReferenceSmarterMail > Server Configuration and Management
Automated SSL certificate Issues.SmarterMail > Troubleshooting
Automatic SSL Certificates on a New SmarterMail ServerSmarterMail > Server Configuration and Management
Manually Securing SmarterMail Using Let's Encrypt and Certify the WebSmarterMail > Installation and Configuration
Set up SmarterMail as an IIS Site in IIS 10SmarterMail > Server Configuration and Management