09-16-2013 01:59 AM
Hi,
We have our Ironport setup with about 10 receiving domains. My aim is to set it up so that all email sent and received from a particular domain (client.com) uses TLS. This domain will only send mail to our primary domain (company.com).
I am wondering how the TLS certificate will work with multiple domains? Is that cert just mapped to one email domain? Is a separate cert required for each domain, and so a separate listener for the receive domains that I don't need TLS for?
09-16-2013 02:15 AM
Note I am on ASyncOS version 7.5.1-102.
Actually, on further examination, it seems I only need one cert for my Ironport hostname? Can someone confirm this?
09-16-2013 11:37 AM
Hi Graham,
Yes it will be one certificate per box.
In reagrds to the TLS question you can set the TLS encryption to "Prefered" and take a lookt to the section create content filters for encryption.
http://www.cisco.com/en/US/docs/security/esa/esa7.5/ESA_7.5_Configuration_Guide.pdf
http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html
HTH,
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
09-17-2013 12:25 AM
Thanks Luis. And when I am generating the cert signing request, do I use the external DNS name of the Ironport (the MX record) or the internal DNS name that the Ironport uses (same as the hostname that the Ironport responds to for HELO)?
Or I could just change the internal name to be the same as the MX record.
09-18-2013 10:35 AM
Graham,
It would be the hostname listed in your MX record.
Hope this helps.
Stephan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide