Needs dictate the use of a TLS certificate for mail delivery in Symantec Messaging Gateway (SMG), and a shared certificate for both mail delivery and other services would be preferred.
Messaging Gateway (SMG) supports the use of both wildcard certificates and TLS certificates with multiple Subject Alternative Name (SAN) fields for TLS mail security and securing communication with the Control Center web application.
In general, it is recommended that certificates with multiple SAN values, which match both the MX hostnames and any other hostname used to access SMG, be used rather than wildcard certificates, although both will work.
At this time, the SMG Control Center cannot generate the certificate signing requests (CSRs) for either wildcard certificates or certificates with multiple SAN values. Those CSRs would need to be generated outside of SMG, and their signed certificates with associated private keys would need to be imported as described in the Messaging Gateway product documentation.
For installation steps of TLS certificates, please view... Enable secure email delivery using TLS certificates.