2 Certificates required?

This is out of my realm of knowledge. Our email security appliance acts as our email gateway in that all outgoing and incoming go through the appliance. The appliance is mail.mydomain.org. Our email server itself is the same, mail.mydomain.org. The firewall forwards port 443 traffic to the email server for OWA access. We need a 2nd URL for our junk summary notifications. Before I purchase a certificate for unjunk.mydomain.org, will the email security appliance use both certificates? Or maybe I'm way off in that we really don't need the mail.mydomain.org certificate on the email security appliance?

Category: Email Security Appliances

Best Answer

  • CORRECT ANSWER
    BWC Cybersecurity Overlord ✭✭✭
    Accepted Answer

    Hi @djhurt1 this will work just fine.

    --Michael@BWC

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @djhurt1 if you wanna stick with Port 443 for your junk summary notifications and ES administration you need a 2nd certificate, then you can assign the mail.mydomain.org cert to the SMTP and unjunk.mydomain.org to the HTTPS part on the ES.

    You could do some voodoo by assigning a different HTTPS for the ES and do NAT, but this would probably overcomplicate things.

    --Michael@BWC

  • SonicAdmin80 Enthusiast ✭✭

    You could get a multi-domain certificate and use it for both.

  • djhurt1 Newbie ✭

    @BWC


    I initially did try the voodoo you mentioned but haven't had any luck getting the firewall to route based on port properly. I.e. 4443 to ES and 443 to webmail.

    If I do go with another certificate, my question was if the ES will present both certificates because looking at the interface it appears you have to select one or the other. Of course that's just how it appears and may actually not be the case. I couldn't find anything that talks about that specifically in the guide so I hoped to get some clarity.

  • David W SonicWall Employee

    The login page for the UI is what would also be needed to use for the Junkbox summary.

    However, the link you use is up to you and should also be in DNS, with the link for the UI and the link for the JBS using the same name except for the first segment.

    i.e.

    https://JBS.sonicwall.com

    https://emailsecurity.sonicwall.com

    The way to do this would be to use a wildcard cert.


    You cannot use 2 certs with different names and specify their use on a per port or name basis.

    David Wilbur

    Technical Support Senior Advisor, Premier Services, SME Email Security

  • BWC Cybersecurity Overlord ✭✭✭

    @djhurt1 you can have separate Certificates for SMTP and HTTPS is what I meant.

    If you just wanna handle a single cert then in your case a wildcard or mdc would be the way to go, coming with a little higher price tag.

    --Michael@BWC

  • djhurt1 Newbie ✭

    @BWC


    I'm ordering a SAN cert. that includes both FQDNs, mail.mydomain.org and unjunk.mydomain.org (URL for junk summary notifications). I'll install this cert. on both our mail server and the email security appliance. This should work as far as I can see, would you agree?

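The three certificate options raised in this thread (single-name, SAN/multi-domain, wildcard) can be compared by checking which of the two hostnames each one covers. The following is an added example, not part of the original posts and not SonicWall code; it applies simplified RFC 6125-style name matching, the SAN lists are constructed, and the function names are hypothetical.

```python
"""Added example: which certificate name sets cover the hostnames in this thread."""

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, hostname):
    """Match one SAN dNSName against a hostname (simplified RFC 6125 rules).

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.org" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    # Any other use of "*" (for example "m*il") is rejected.
    return "*" not in pattern and p == h

def uncovered(san_list, hostnames):
    """Return the hostnames that no SAN entry in the certificate covers."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in san_list)]

# Hostnames from the thread: appliance/OWA name and junk summary URL.
NEEDED = ["mail.mydomain.org", "unjunk.mydomain.org"]

# Constructed SAN lists for the three certificate options discussed.
CERTS = {
    "single-name": ["mail.mydomain.org"],
    "SAN (multi-domain)": ["mail.mydomain.org", "unjunk.mydomain.org"],
    "wildcard": ["*.mydomain.org"],
}

def report():
    """Map each certificate option to the needed hostnames it fails to cover."""
    return {label: uncovered(sans, NEEDED) for label, sans in CERTS.items()}

if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:20} missing: {missing or 'none'}")
```

A wildcard entry covers exactly one label, so `*.mydomain.org` does not cover the bare `mydomain.org` or a deeper name such as `owa.mail.mydomain.org`; those would need their own SAN entries.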