2 Certificates required?
djhurt1 Newbie ✭
This is out of my realm of knowledge. Our email security appliance acts as our email gateway in that all outgoing and incoming go through the appliance. The appliance is mail.mydomain.org. Our email server itself is the same. mail.mydomain.org. The firewall forwards port 443 traffic to the email server for OWA access. We need a 2nd URL for our junk summary notifications. Before I purchase a certificate for unjunk.mydomain.org, will the email security appliance use both certificates? Or maybe I'm way off in that we really don't need the mai.mydomain.org certificate on the email security appliance?
Category: Email Security Appliances
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Hi @djhurt1 if you wanna stick with Port 443 for your junk summary notifications and ES administation you need a 2nd certificate, then you can assign the mail.mydomain.org cert to the SMTP and unjunk.mydomain.org to the HTTPS part on the ES.
You could do some voodoo by assigning a different HTTPS for the ES and do NAT, but this probably overcomplicate things.
You could get a multi-domain certificate and use it for both.
I initially did try the voodoo you mentioned but haven't had any luck getting the firewall to route based on port properly. Ie. 4443 to ES and 443 to webmail.
If I do go with another certificate, my question was if the ES will present both certificates because looking at the interface it appears you have to select one or the other. Of course that's just how it appears and may actually not be the case. I couldn't find anything that talks about that specifically in the guide so I hoped to get some clarity.
The login page for the UI is what would also be needed to use for the Junkbox summary.
However the link you use is up to you and should also be in DNS with the link for the Ui and the link for the JBS would use the same name except for the first segment.
The way to do this would be to use a wildcard cert.
You cannot use 2 certs with different names and specify their use on a per port or name basis.
Technical Support Senior Advisor, Premier Services , SME Email Security
@djhurt1 you can have seperate Certificates for SMTP and HTTPS is what I meant.
If you just wanna handle a single cert then in your case a wildcard or mdc would be the way to go, coming with a little higher price tag.
I'm ordering a SAN cert. that includes both FQDNs, mail.mydomain.org and unjunk.mydomain.org(URL for junk summary notifications). I'll install this cert. on both our mail server and the email security appliance. This should work as far I can see, would you agree?