The environment has two A records, which are abc.com and xyz.com. The primary site has two ESA appliances and the DR site has a single ESA appliance. For mail delivery, they configured the MX records as below:
mx3.abc.com - DR
mx3.xyz.com - DR
If I need to enable TLS encryption for outbound email, do I need to purchase multiple certificates from a third-party certificate authority? Please assist me with the high-level concept and the steps.
Ok... to be clear... MX records look like this:
Abc.com. 21600 IN MX 10 mx1.abc.com
Abc.com. 21600 IN MX 10 mx2.abc.com
Abc.com. 21600 IN MX 10 mx3.abc.com
And then the A records should look like this:
Mx1.abc.com. 21600 IN A 10.10.10.1
Mx2.abc.com. 21600 IN A 10.10.10.2
Mx3.abc.com. 21600 IN A 10.30.10.1
You want the certificate to match the A records... so with the 2 domain names, you either need a UCC/SAN cert with the 6 names in it, or 2 wildcard certs: one for abc.com, one for xyz.com.
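The name coverage described in the answer above, as an added example that is not part of the original thread: it checks which MX hostnames a certificate's DNS SAN entries match, applying the rule that a wildcard stands for exactly one left-most label. The hostnames mx1.xyz.com and mx2.xyz.com, the function names and the SAN lists are assumptions constructed for illustration.

```python
# Added example: which MX hostnames does a certificate's SAN list cover?
# mx1/mx2.xyz.com are assumed by analogy with the abc.com records in the thread.

MX_HOSTS = [
    "mx1.abc.com", "mx2.abc.com", "mx3.abc.com",
    "mx1.xyz.com", "mx2.xyz.com", "mx3.xyz.com",
]


def san_matches(san: str, host: str) -> bool:
    """Match one DNS SAN entry against a hostname (case-insensitive).

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label, so *.abc.com covers mx1.abc.com
    but neither abc.com nor a.mx1.abc.com.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(sans, hosts=MX_HOSTS):
    """Return the hosts that no SAN entry in `sans` matches."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


# Constructed SAN lists for the two options named in the thread.
UCC_CERT = list(MX_HOSTS)      # one UCC/SAN certificate carrying all six names
WILDCARD_ABC = ["*.abc.com"]   # first wildcard certificate
WILDCARD_XYZ = ["*.xyz.com"]   # second wildcard certificate

if __name__ == "__main__":
    print("UCC/SAN cert misses:   ", uncovered(UCC_CERT))
    print("*.abc.com alone misses:", uncovered(WILDCARD_ABC))
    # Names covered by the two wildcard certificates taken together.
    print("both wildcards miss:   ", uncovered(WILDCARD_ABC + WILDCARD_XYZ))
```
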
Yes, you are right, the MX records are configured the same as you mentioned. First of all, I want to know why we need a certificate for one domain, and whether the certificate is bound to the IP or the A record, because there is a single A record but three IPs (two devices in cluster setup).