The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Basic help with SSL & Email

Discussion in 'E-mail Discussions' started by DavidR, Mar 2, 2008.

  1. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    I've honestly never messed with the SSL/TLS (what exactly is TLS?) settings on my email, but now I want to make sure it works. I see where all the certs are located in WHM for the various services, and if I use the SSL (TLS fails) setting on my client I can get a connection and send/receive email. But each time I open my email client, I get a message about BAD signatures in my certificates. I realized these are some sort of self-signing cert installed automatically by cPanel, but is there a way to stop those messages? I can't imagine cPanel put them in there for use with that kind of error message popping up by design.

    I'm sure someone can point me to a thread with all this answered, but I haven't been able to find it ;)

    Thanks!
     
  2. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Even a nudge in the right direction would be appreciated ;)
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Are you using the self-signed certs that come with cPanel/WHM or are you using a cert you purchased? Note, self-signed certs will pretty much always throw a warning when using a SSL-based service such as HTTPS or mail over SSL unless the user chooses to permanently ignore such warnings for your server.

    If you are using a purchased cert, this should not happen.
     
  4. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Thanks. Yes, the self signed certs that were automatically installed. Unfortunately, I'm using Evolution as my mail client and it doesn't appear to have a way to ignore the errors. Which domain is used to request a cert for those services, the main server domain? Will this cause more errors since the server domain and the various email accounts use different domain names? I've used cPanel for years and just never messed with this.
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If you connect to a domain and the server throws a certificate for a different domain, that too will cause a warning (domain1.com is using a certificate for domain2.com).

    However, you can manage SSL certificates for services by going to WHM -> Service Configuration -> Manage Service SSL Certificates
     
  6. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Ok, I really want to get this clear in my head. When I go to WHM -> Service Configuration -> Manage Service SSL Certificates, I have a row of 5 certificates, 2 for email, 2 for WHM and 1 for ftp. I can click Install new Cert, but it asks for the cert and that's it. Where do I create the signing request for this? And if I do, what domain do I use for it? I'm very familiar with doing this for domain accounts, but I'm lost here. And when I get a cert, do I use the same one for each of these, or do I request 5 different certs for the same domain?

    I don't usually ask for a step by step but I could sure use it here :(
     
  7. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If you click "Reset Certificate" you will revert to a self-signed certificate.

    If you click "Install Certificate" you will be prompted to enter information regarding the SSL certificate you purchased. This can be the same certificate as one would acquire for HTTPS. You can use the same certificate for HTTPS and all of the services.

    Currently you can only have 1 domain registered as having a SSL certificate on these services. Here is an existing feature request relating to this functionality: http://bugzilla.cpanel.net/show_bug.cgi?id=5982
     
  8. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Ok, to clarify, I do a cert signing request as I would for any domain, request if for my server.mydomain.com name, then install the cert I get for all my services, correct?
     
  9. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Yes, but you would then need to make sure your users are connecting to server.mydomain.com rather than theirdomain.com.

    For cPanel/WHM/webmail, there's a tweak setting to force this. However, no setting currently exists to force connections to redirect to another hostname.
     
  10. DavidR

    DavidR Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    16
    Ah, hence the bug report. I get it, thanks! Yes, I agree this is very necessary now.
     
Loading...

Share This Page