SSL certificates for multiple domains with STARTTLS connections

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Posts: 16
Joined: Sun May 06, 2018 10:48 pm

SSL certificates for multiple domains with STARTTLS connections

Postby robertitox » Tue Aug 13, 2019 1:40 pm

Dear people, I have a Zimbra servrr 8.7 with multiple domains, just one SSL common certificate with a generic canonical name and just one public IP.

In SMTPD mode, my Zimbra is listening to incoming connections from Internet mail servers in TCP/25 and TCP587 ports, and offers STARTTLS to encrypt the channel with SSL/TLS. Remote servers can't validate the certificate because the canonical name doesn't match the domain name, but email anymore.

I want to offer STARTTLS on ports TCP/25 and TCP/587 for incoming emails with the corresponding SSL certificate per domain.

Please can you tell me if these options are possible:

1) Install a SNI Certificate, so I can have a valid SSL certificate per domain using just one public IP

2) Install one SSL Certificate per domain, using a virtual hostname and a virtual IP per domain

Or maybe you can give me a new option...

Also I need to know if the above options suit for STARTTLS (SSL/TLS) for incoming connections or they only suit for HTTPS connections ???

Thanks a lot and regards !!!

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 19 guests