> On Dec 10, 2017, at 1:28 PM, G B <g_patri...@yahoo.com> wrote:
>
> 7.7.5 SMTP over TLS
> Do I create a certificate for each domain?

For SMTP relay (port 25 w/STARTTLS), MTAs ignore the CN in the server's certificate, so you can just set up a single cert with the host's canonical name. For Submission (port 465/587) you can generally get away as above, although a very few MUAs might pop up a certificate warning if they can't find a CN that matches the host name they think they are connecting to.
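
An added illustration, not part of the original message: a Python check of which submission host names a name-verifying mail client would flag when several domains share one certificate. All host names are constructed, and the matching rule assumes RFC 6125 behaviour (subjectAltName DNS entries take precedence over the CN, and a wildcard counts only as the whole left-most label).

```python
# Added example. Host names and certificate contents are constructed samples.

def name_matches(pattern, host):
    """RFC 6125 style comparison of one certificate name against one host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def presented_names(cn, sans):
    """Names a client compares against: SAN entries if any exist, else the CN."""
    return list(sans) if sans else [cn]


def mua_warnings(cn, sans, client_hosts):
    """Return the server names configured in clients that would not match."""
    names = presented_names(cn, sans)
    return [h for h in client_hosts
            if not any(name_matches(n, h) for n in names)]


# Server names that users of three hosted domains typed into their clients.
CLIENT_HOSTS = ["mail.example.net", "mail.example.org", "smtp.example.com"]

if __name__ == "__main__":
    # Single certificate carrying only the host's canonical name.
    print(mua_warnings("mail.example.net", [], CLIENT_HOSTS))
    # Same certificate reissued with SAN entries for a second domain.
    print(mua_warnings("mail.example.net",
                       ["mail.example.net", "*.example.org"], CLIENT_HOSTS))
```

Pointing every client at the canonical host name, or listing each submission name as a SAN entry, leaves the returned list empty.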