Solved: Generate a PEM certificate and use it in several Ironport

issael morales · ‎03-22-2013

You can generate a certificate in PEM ironports and the same use in other Ironports

Andreas Mueller · ‎03-27-2013

Hello Issael,

that is possible and quiet often used, i.e with a wildcard certificate where CN=*.example.com supporting any given interface name on each appliance, mail1.example.com, mail2.example.com, ....etc. If that is too expensive, and you are using only one IP for outbound traffic (i.e. behind a NAT), then use a normal cerificate and assign the same interface name to all appliances where traffic goes out. You could also use the subjectAltName in the certificate to specify the other appliances, but that is quiet complex and needs a specific look at the individual network setup.

Hope that helps,

Andreas

View solution in original post

Andreas Mueller · ‎03-27-2013

Hello Issael,

that is possible and quiet often used, i.e with a wildcard certificate where CN=*.example.com supporting any given interface name on each appliance, mail1.example.com, mail2.example.com, ....etc. If that is too expensive, and you are using only one IP for outbound traffic (i.e. behind a NAT), then use a normal cerificate and assign the same interface name to all appliances where traffic goes out. You could also use the subjectAltName in the certificate to specify the other appliances, but that is quiet complex and needs a specific look at the individual network setup.

Hope that helps,

Andreas

issael morales · ‎03-27-2013

Hello Andreas

thank you very much for your feedback.

regards