Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nicolasross
New Contributor III

Fortimail with SSL and SNI

We are planing on installer fortimail (vm) to protect our mail server. We avec more than 100 domains on our server. Curently, when a users connects to sendmail via our smtp, they use mostly mail.maindomain.com as smtp host, with ssl and authentification.

 

Some users are configured differently, so they use mail.theirdomain.com as smtp host, still in SSL with auth. That host points to the same IP of mail.maindomain.com, and our mail server uses SNI to offer the right certificat to the client.

 

If we implement fortimail, it's outside hostname will probably be let's say fortimail.maindomain.com, and an ssl cert for that name will be made. I will point client's domains MX to that name. But if I want to prevent anyone to send mail directly to the mailserver, I must either tell all users to modify their config to use fortimail.maindomain.com, which I would like to avoid, or point mail.theirdomain.com to the fortimail server.

 

So far, I was not able to specify multiple certs to be used by the fortimail, and was only able to select the certificate to be used by setting the default one to fortimail.maindomain.com

 

Is there a way to import multiple certificate and make them availaible with SNI ?

10 REPLIES 10
nicolasross
New Contributor III

emnoc wrote:

Okay so your  using the API just to  push the new cert/key into the FML?

That's the plan.

 

We don't have the FML yet, and my test vm is expired, so for now I am not actively on it. But I will surely post here when I have something.

 

I requested a demo to continu the integration...

Labels
Top Kudoed Authors