We are changing our gateway, so we will be updating our external MX & A records.
Since our TLS cert refers to our current A record, what would be the best way to handle a change?
I.e., the current A record is mail.example.com, the MX records point to mail.example.com, and the TLS cert is applied at the cluster level on our edge ESAs as mail.example.com.
The new A record will be gateway.example.com; we will update all MX records to point to gateway.example.com and apply a new cert for gateway.example.com.
What is the best way to do this to ensure minimal interruptions for Enforced TLS? I think we need to reduce all MX TTLs to a minimal time, make the changes to the MX records, apply the new cert at the same time, and then a few hours later put the TTL back to where it was.
Any thoughts?
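A pre-cutover check for the TTL window, as an added example that is not part of the original post: it assumes that while old MX answers are still cached, a sending MTA doing enforced TLS will verify the edge's certificate against whichever MX target name it used (old or new), so the cert installed on the ESAs should cover both names until the old TTL has expired. The hostnames and SAN lists are constructed sample values; `fetch_live_sans` needs network access and is only there to pull the real SAN list once the new cert is in place.

```python
import smtplib
import ssl


def hostname_matches_san(hostname: str, san: str) -> bool:
    """RFC 6125-style match: exact, or a wildcard in the left-most label only."""
    hostname = hostname.rstrip(".").lower()
    san = san.rstrip(".").lower()
    if san == hostname:
        return True
    if san.startswith("*.") and "*" not in san[2:]:
        labels = hostname.split(".")
        # *.example.com matches mail.example.com but not example.com or a.b.example.com
        return len(labels) > 1 and ".".join(labels[1:]) == san[2:]
    return False


def uncovered_mx_hosts(mx_hosts, cert_sans):
    """Return the MX target names that the given cert would NOT cover.

    During the TTL window a sender may still hold the old MX target
    (mail.example.com) or already have the new one (gateway.example.com).
    With enforced TLS it verifies the cert against the name it connected to,
    so an empty list means no sender should fail verification on name mismatch.
    """
    return [h for h in mx_hosts
            if not any(hostname_matches_san(h, s) for s in cert_sans)]


def fetch_live_sans(mx_host, port=25, timeout=10):
    """Connect to an MX, STARTTLS with verification, return the cert's DNS SANs.
    Requires network access; not exercised by the offline sample run below."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed sample: both names a sender may hold during the TTL window.
    in_flight = ["mail.example.com", "gateway.example.com"]
    candidates = {
        "old cert only": ["mail.example.com"],
        "new cert only": ["gateway.example.com"],
        "cert with both SANs": ["mail.example.com", "gateway.example.com"],
    }
    for label, sans in candidates.items():
        print(f"{label}: uncovered = {uncovered_mx_hosts(in_flight, sans)}")
```

Running the sample shows that swapping the cert and the MX at the same instant still leaves one of the two names uncovered for whichever senders hold the other answer in cache; a cert carrying both SANs reports an empty list.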