SSL certificates for multiple domains with STARTTLS connections
Posted: Tue Aug 13, 2019 1:40 pm
Dear people, I have a Zimbra server 8.7 with multiple domains, just one common SSL certificate with a generic canonical name and just one public IP.
In SMTPD mode, my Zimbra is listening for incoming connections from Internet mail servers on ports TCP/25 and TCP/587, and offers STARTTLS to encrypt the channel with SSL/TLS. Remote servers can't validate the certificate because the canonical name doesn't match the domain name, but email anymore.
I want to offer STARTTLS on ports TCP/25 and TCP/587 for incoming emails with the corresponding SSL certificate per domain.
Please can you tell me if these options are possible:
1) Install an SNI certificate, so I can have a valid SSL certificate per domain using just one public IP
2) Install one SSL Certificate per domain, using a virtual hostname and a virtual IP per domain
Or maybe you can give me a new option...
Also, I need to know if the above options are suitable for STARTTLS (SSL/TLS) for incoming connections or if they are only suitable for HTTPS connections?
Thanks a lot and regards !!!