SSL certificates for multiple domains with STARTTLS connections

robertitox
Posts: 20
Joined: Sun May 06, 2018 10:48 pm

Post by robertitox »

Dear people, I have a Zimbra server 8.7 with multiple domains, just one SSL common certificate with a generic canonical name and just one public IP.

In SMTPD mode, my Zimbra is listening for incoming connections from Internet mail servers on ports TCP/25 and TCP/587, and offers STARTTLS to encrypt the channel with SSL/TLS. Remote servers can't validate the certificate because the canonical name doesn't match the domain name, but email anymore.

I want to offer STARTTLS on ports TCP/25 and TCP/587 for incoming emails with the corresponding SSL certificate per domain.

Please can you tell me if these options are possible:

1) Install an SNI certificate, so I can have a valid SSL certificate per domain using just one public IP

2) Install one SSL Certificate per domain, using a virtual hostname and a virtual IP per domain

Or maybe you can give me a new option...

Also, I need to know whether the above options are suitable for STARTTLS (SSL/TLS) on incoming connections, or whether they are only suitable for HTTPS connections?

Thanks a lot and regards!
pup_seba
Outstanding Member
Posts: 687
Joined: Sat Sep 13, 2014 2:43 am
Location: Tarragona - Spain

Re: SSL certificates for multiple domains with STARTTLS connections

Post by pup_seba »

Hi,

As far as I'm aware, SNI in Zimbra is only supported for HTTPS.

Regards,
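
A way to check the situation the question and the reply describe, as an added example that is not part of either post: it fetches the certificate an SMTP listener presents after STARTTLS for a given SNI name and tests which hostnames that certificate covers. The hostnames, the EHLO name `probe.example.org` and `SAMPLE_CERT` are constructed placeholders.

```python
import socket
import ssl

def names_in_cert(cert):
    """DNS names from an ssl.getpeercert() dict: SAN entries, else subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def cert_covers(cert, hostname):
    """True if hostname matches a cert name; '*' covers one leftmost label only."""
    host = hostname.lower().rstrip(".")
    for name in names_in_cert(cert):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def starttls_cert(server, port, sni_name, timeout=10):
    """Certificate presented after STARTTLS when the client sends sni_name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names go through cert_covers()
    with socket.create_connection((server, port), timeout=timeout) as raw:
        f = raw.makefile("rb")
        def reply():
            # Multi-line SMTP replies use '-' after the code on all but the last line.
            while True:
                line = f.readline()
                if not line or line[3:4] != b"-":
                    return line
        reply()                                     # 220 greeting
        raw.sendall(b"EHLO probe.example.org\r\n")  # placeholder client name
        reply()
        raw.sendall(b"STARTTLS\r\n")
        if not reply().startswith(b"220"):
            raise RuntimeError("server did not accept STARTTLS")
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            return tls.getpeercert()

# Constructed sample in the shape ssl.getpeercert() returns (not from a real server):
# one certificate with a single generic name, as in the question.
SAMPLE_CERT = {"subject": ((("commonName", "mail.provider.example"),),),
               "subjectAltName": (("DNS", "mail.provider.example"),)}

def report(cert, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {h: cert_covers(cert, h) for h in hostnames}
```

Calling `starttls_cert(server, 25, name)` once per hosted name and passing each result to `report` shows whether the listener's certificate changes with the SNI name or stays the same for every domain.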