cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.2-020
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-239
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

1359
Views
0
Helpful
4
Replies
john-copeland
Beginner

Multiple SSL Domains

Can the Ironport C360 use more than one SSL certificate or can it use a multiple domain SSL certificate?

4 REPLIES 4
Tze Tai Mak
Beginner

AsyncOS 7.1 provides a number of enhancements to the TLS features on the Email Security appliance. One of them is:-

TLS per Listener

- You can assign a unique certificate per listener on the appliance for TLS connections. You can also assign a certificate to the HTTPS services on an IP interface, the LDAP interface, and all outgoing TLS connections.

Thanks for that.

We have 12 domains for which we send and recieve emails.

Does this mean I need 12 listeners to install 12 SSL certificates onto?

I like to keep things simple so we only have 2 listeners, one for incoming mail and one for outgoing mail. Can I not install one multi domain SSL certificate onto each listener?

Presumably they all resolve to 1 MX record?

If so you should only need one cert, the one for that 1 MX record.

We have 12 MX records, one for each domain (otherwise we wouldn't receive email for

them).

I have looked into this further and realised that the TLS connection is from the remote MTA to the Ironport (or vice versa), not the actual domain name, so we only need one SSL certificate for the Ironport hostname.

I have checked in the message tracking an we are sending and receiving over TLS for all domains.

Thanks anyway.

Create
Recognize Your Peers
Content for Community-Ad