
One Server Multiple Secured Domains
  •  
talkinggoat

I have a mail server that is using multiple domains for secured mail. Problem is, Kerio only allows me to apply one certificate to the server. Does anyone know of a workaround for this, or how to generate a self signed UCC cert?
  •  
sonofcolin

talkinggoat wrote on Thu, 05 March 2009 11:43

I have a mail server that is using multiple domains for secured mail. Problem is, Kerio only allows me to apply one certificate to the server.

As Kerio can only bind to 1 IP address per service, multiple certs won't help as each would need its own IP. If all sub domains connect to the primary domain secure services, it isn't a problem at all. There will be no cert errors. We also have a number of sub domains and this is how we use SSL.
  •  
talkinggoat

Actually, it's not a sub domain. They are separate domains, entirely. Each domain has its own IP address that it binds to, set in domains > (domain name) > advanced. Kerio support suggested creating a UCC cert, but I'm not sure how to make a self signed version.
  •  
sonofcolin

I understand. I should have used the terms '1 primary domain and multiple secondary domains.' Maybe this will help:
gbrown100 wrote on Tue, 18 November 2008 13:47

I was just looking at the possibility of hosting a Kerio server. Whilst Kerio does support multiple domain names, regarding the web access there is currently no way to have more than one active primary domain name. This means that your webmail can only have one SSL certificate against it.

i.e.
webmail.mydomain1.co.uk will be fine (Primary Domain)
webmail.mydomain2.co.uk will still be advertising mydomain1.co.uk's security certificate and so browsers will show as invalid

The only way I could think of getting round this was to have your own domain name for the webaccess such as xyzhosting.co.uk as the primary domain and then set up your customers with their own domain as secondary domains. They still have to always connect to your domain name for webmail.


Another issue you may run into is that when Kerio sends messages via SMTP server, it doesn't always send from the IP address of the sending domain if you have multiple IPs on the same server. Therefore, the receiving server may see a connection from IP with PTR record for xxx.com, when in fact the message was sent from domain yyy.com which resolves to a different IP with a different PTR. Some servers will reject this message.
  •  
talkinggoat

Does anyone know how to do this using a self signed UCC?

[Updated on: Tue, 10 March 2009 07:08]

  •  
talkinggoat

There is a way to do this using a self signed cert, with subject alternative names, or SAN (SANs)... I'll make a video for everyone, soon. :)
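As an added example (not from the thread or from Kerio), this is one way to produce the kind of self-signed certificate with subject alternative names described above, using the OpenSSL command line. The function names and output file names are assumptions, the hostnames are the sample names used earlier in the thread, and importing the result into Kerio Connect is not shown.

```shell
#!/bin/sh
# Added example: self-signed certificate covering several mail domains via SANs.
# Function and file names are assumptions made for this illustration.

# make_san_cert OUTDIR PRIMARY [OTHER_NAME...]
# Writes OUTDIR/server.key and OUTDIR/server.crt. Every name, the primary
# included, becomes a DNS SAN: clients that check SANs ignore the CN.
make_san_cert() {
    out=$1; shift
    primary=$1
    cfg="$out/san.cnf"
    mkdir -p "$out"
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\nx509_extensions = v3\n'
        printf '[dn]\nCN = %s\n' "$primary"
        printf '[v3]\nsubjectAltName = @alt\nextendedKeyUsage = serverAuth\n[alt]\n'
        i=1
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cfg"
    # umask keeps the unencrypted private key readable by its owner only.
    ( umask 077
      openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$cfg" -keyout "$out/server.key" -out "$out/server.crt" ) 2>/dev/null
}

# cert_sans CERT: print the certificate's DNS SANs, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# cert_covers CERT HOST: succeed only if HOST is listed as a SAN (exact match).
cert_covers() {
    cert_sans "$1" | grep -qxF "$2"
}

# Usage: make_san_cert ./out webmail.mydomain1.co.uk webmail.mydomain2.co.uk
#        cert_covers ./out/server.crt webmail.mydomain2.co.uk && echo covered
```

Because the certificate is self-signed, each client still has to be given it as a trusted certificate before the names validate without a warning.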
  •  
gbrown100

I would sure like to see that video!

I am doing an Exchange install this weekend and am using a certificate from www.certificatesforexchange.com which will do a UCC certificate for $59.99 per year. If it is possible for Kerio to support UCC certs then I guess I could use this type of cert also.

Graham