Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Multiple SSL certs
  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
Can't find anything in the Admin guide about multiple certs and I haven't tried it yet. Is it possible?

Our scenario: 2 separate domains with 2 different IP's. mail1.company.com already has a SSL cert which works nicely. It is also bound to a specific IP address.

I want mail2.other_company.com to have the same setup but with it's own SSL cert. I understand that only one domain can be the primary domain, but like mail.1.company.com it is bound to a specific IP address on the server.

All KMS services are set to listen on all Ip's. So is it possible to install a second SSL cert for the 2nd domain with this setup?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
No, it is not possible to install more than one active SSL certificate for secure services.

However, there is a possibility to use multiple identities in the server certificate. This extension is named "subjectAltName" and is described in RFC 3280, chapter "4.2.1.7 Subject Alternative Name".

A suggested way is to create certificate with multiple identities based on DNS name or IP address, for example:

subjectAltName=DNS:company1.isp.com
subjectAltName=DNS:company2.isp.com
subjectAltName=DNS:mail.mydomain.com
subjectAltName=DNS:mail.mydomain.net

You can create such certificate with OpenSSL utility.
  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
Thanks for the response.

Not really an option if you are hosting for another company. A feature request? Please!
  •  
dcsf

Messages: 29
Karma: 0
Send a private message to this user
The workaround won't work for me either.

Under my configuration, the IP address for the primary domain has a firewall rule that only allows incoming SMTP connections from a specific block of IP addresses (Postini's servers). A second IP address is used for other domains and the firewall is set to allow any incoming SMTP. My objective here is to prevent spam from servers trying to connect directly to the primary domain's A record bypassing Postini. The other domains are not filtered through Postini.

Previous Topic: Script new users?
Next Topic: Auto delete for trash and junk mail folder?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 19:35:46 CET 2017

Total time taken to generate the page: 0.00362 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.