Issue
What are the steps to install multiple SSL certificates on the same Message Server or RazorGate appliance?
Solution
If your Message Server or RazorGate appliance is assigned more than one host name (for example, the appliance is named host.example.com and also smtp.example.com and/or imap.example.com), you need multiple SSL certificates.
To install multiple SSL certificates on the same appliance, associate a second IP address and fully-qualified domain name (FQDN) with the Message Server or RazorGate host appliance; this can be done by using either of the following methods:
- Use the Netif Bind command to add a second IP address to the host appliance. Enter the following:
Netif Bind Portnum IPaddress/masked-bits
Where:
- num identifies the Ethernet port to which you want to bind the IP address, as labeled on the appliance back panel.
- IPaddress is the second IP address to be assigned to the port number specified in this command string.
- masked-bits is the number of bits in the network mask; for example, if masked-bits is 24, the network mask is 255.255.255.0.
- Use the Netif Addalias command to configure the second IP address as an alias to the primary interface. Enter the following command:
Netif Addalias Portnum IPaddress/masked-bits
Where:
- num identifies the Ethernet port to which you want to bind the IP address, as labeled on the appliance back panel. This port must currently be bound (see Netif Bind in the Mirapoint Administration Protocol Reference).
- IPaddress is the second IP address to be assigned to the port number specified in this command string.
- masked-bits is the number of bits in the network mask; for example, if masked-bits is 24, the network mask is 255.255.255.0.
- If any of the secondary IP addresses you assign are in the same subnet as the primary port, make sure you have assigned a 32-bit mask to each such address.
- Make sure that the internal/external DNS server has the correct A and PTR record for the new FQDN and IP address.
- The number of aliases you can add per port is limited to 512.
- Generate a new CSR for the new IP address or FQDN, then obtain and apply the third-party SSL certificate. For more information, see Obtaining and Applying An SSL Certificate Using the CLI.
NOTE: You can repeat the above steps for multiple fully-qualified domain names (FQDNs) on the same appliance. These FQDNs are not CNAMEs, but map to different IP addresses on the same appliance.
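The rules in the steps above (a 32-bit mask for secondary addresses in the primary subnet, matching A and PTR records, one IP address per FQDN, at most 512 aliases per port) can be checked against a planned address list before any CSR is generated. The following is an added example, not part of the original article or of Mirapoint's tooling; the function name, the IP addresses and the DNS dictionaries are constructed assumptions, and it runs on an admin workstation rather than on the appliance.

```python
import ipaddress

MAX_ALIASES_PER_PORT = 512  # per-port alias limit stated in the article

def check_plan(primary, aliases, a_records, ptr_records):
    """Return a list of problems in a planned multi-certificate setup.

    primary     -- the port's primary address, "IPaddress/masked-bits"
    aliases     -- [(fqdn, "IPaddress/masked-bits"), ...] to add to that port
    a_records   -- fqdn -> IP, a stand-in for the zone's A records
    ptr_records -- IP -> fqdn, a stand-in for the zone's PTR records
    """
    problems = []
    prim = ipaddress.ip_interface(primary)
    if len(aliases) > MAX_ALIASES_PER_PORT:
        problems.append(f"{len(aliases)} aliases exceed the limit of {MAX_ALIASES_PER_PORT}")
    seen = {str(prim.ip)}
    for fqdn, cidr in aliases:
        iface = ipaddress.ip_interface(cidr)
        ip = str(iface.ip)
        # Each FQDN maps to its own IP address on the appliance (not a CNAME).
        if ip in seen:
            problems.append(f"{fqdn}: {ip} is already assigned")
        seen.add(ip)
        # A secondary address inside the primary subnet needs a 32-bit mask.
        if iface.ip in prim.network and iface.network.prefixlen != 32:
            problems.append(f"{fqdn}: {cidr} is inside {prim.network}, use {ip}/32")
        # The article requires correct A and PTR records for the new FQDN and IP.
        if a_records.get(fqdn) != ip:
            problems.append(f"{fqdn}: A record is {a_records.get(fqdn)}, expected {ip}")
        if ptr_records.get(ip) != fqdn:
            problems.append(f"{ip}: PTR record is {ptr_records.get(ip)}, expected {fqdn}")
    return problems

# Constructed sample plan (documentation address ranges, not from the article).
PRIMARY = "192.0.2.10/24"
ALIASES = [("smtp.example.com", "192.0.2.11/24"),
           ("imap.example.com", "198.51.100.5/24")]
A_RECORDS = {"smtp.example.com": "192.0.2.11", "imap.example.com": "198.51.100.5"}
PTR_RECORDS = {"192.0.2.11": "smtp.example.com"}

if __name__ == "__main__":
    for problem in check_plan(PRIMARY, ALIASES, A_RECORDS, PTR_RECORDS):
        print("FIX:", problem)
```

With the sample plan, the check flags the smtp alias for carrying a 24-bit mask inside the primary subnet and the imap address for its missing PTR record.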