DKIM key for multiple Fortimail
Hello everyone,
When generating a DKIM key for multiple FortiMail appliances across different sites, should a unique key be generated for each FortiMail, or can a single key be used for all of them? If it's the second case, how would the other FortiMail appliances obtain the private key? If it's the first case, do I have to upload all public keys on the DNS?
Thanks in advance
Best regards,
Hello CL1
Both are possible.
When you want a unique DKIM, you generate a private and public address and you import the private key on each FML, and you install a single public key on your DNS. You can use an external DKIM key generator to obtain the private and public keys. However, if you generate it with one FML then you can't obtain the private key via GUI, but I'm pretty sure you can get it from CLI. I don't remember the sub-command but you should be able to find it with "show full" or just with a backup.
You can also generate DKIM on each FML separately, but here you must give a unique name to each selector. Then you upload every public key on the public DNS, each under its unique name, and all will work fine.
Both are easy to implement but I think the second one is more secure.
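An added example (not from this thread and not Fortinet tooling): for the second option, one selector per FortiMail, this Python check audits the DKIM TXT records you publish and flags selectors that share a key or carry an empty `p=`. The selector names, `example.com` and the placeholder key bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib

def parse_dkim_txt(txt):
    """Split a DKIM key record ("v=DKIM1; k=rsa; p=...") into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def audit_selectors(records):
    """Return (dns_name, finding) pairs for a {dns_name: txt} mapping."""
    findings, seen = [], {}
    for name in sorted(records):
        tags = parse_dkim_txt(records[name])
        if tags.get("v", "DKIM1") != "DKIM1":
            findings.append((name, "unexpected v= tag"))
        p = tags.get("p")
        if not p:
            # RFC 6376: an empty p= marks the key as revoked.
            findings.append((name, "revoked or missing key (empty/absent p=)"))
            continue
        try:
            key = base64.b64decode(p, validate=True)
        except binascii.Error:
            findings.append((name, "p= is not valid base64"))
            continue
        fingerprint = hashlib.sha256(key).hexdigest()
        if fingerprint in seen:
            # Two selectors with one key means one appliance compromise exposes both.
            findings.append((name, "same key as " + seen[fingerprint]))
        else:
            seen[fingerprint] = name
    return findings

def _fake_key(label):
    # Constructed placeholder bytes, NOT a real RSA public key.
    return base64.b64encode(label.encode() * 8).decode()

# Constructed sample zone data; selector and domain names are assumptions.
SAMPLE = {
    "fml-site-a._domainkey.example.com": "v=DKIM1; k=rsa; p=" + _fake_key("site-a"),
    "fml-site-b._domainkey.example.com": "v=DKIM1; k=rsa; p=" + _fake_key("site-b"),
    "fml-site-c._domainkey.example.com": "v=DKIM1; k=rsa; p=" + _fake_key("site-a"),
    "fml-old._domainkey.example.com": "v=DKIM1; k=rsa; p=",
}
```

Calling `audit_selectors(SAMPLE)` reports the retired selector and the site-c record that reuses site-a's key; a clean per-appliance deployment returns an empty list.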
Hello AEK,
Thank you once again for your help.
I'll look for the command to get the private key on Fortinet's doc and follow your advice to choose the second option (generate a key for each FortiMail).
Kind regards,
