The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Easily Provide Secure Access to Webmail for Multiple Sites

Discussion in 'Security' started by jethrodesign, Jun 27, 2014.

  1. jethrodesign

    jethrodesign Active Member

    Joined:
    Feb 17, 2012
    Messages:
    41
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi, we have a dedicated server running WHM with about 30 cPanel accounts hosting small school websites on a single shared IP address. A lot of the schools just use the built-in cPanel email and webmail for their email handling.

    But the default behavior when they try to login to their webmail by going to 'webmail.schooldomain.org' is that it switches to secure access (https), which is good. But because the root certificate for the server is self-signed, and not for their domain, they obviously get browser warnings. And a lot of these users are not particularly tech-saavy, so it really throws them off.

    - How would someone typically deal with this situation so that users don't receive a warning when just accessing their webmail?

    These are all small non-profits, so giving each a dedicated IP address and SSL certificate JUST for accessing webmail is probably not an option.

    If it helps, the server is running CentOS 5.10 & WHM 11.42.1.
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    You can install one SSL certificate for your all services so that you will not get any warning when you used secure connection.

    Manage Service SSL Certificates
     
  3. SS-Maddy

    SS-Maddy Well-Known Member

    Joined:
    Mar 28, 2009
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Make sure to use the hostname of the server instead of the domain when purchasing the cert.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,814
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can install a SSL certificate with the hostname of the server for each service via:

    "WHM Home » Service Configuration » Manage Service SSL Certificates"

    Then, in "WHM Home » Server Configuration » Tweak Settings", under "Redirection", you can enable SSL redirection and ensure "SSL redirect destination" is set to Hostname or SSL Certificate Name. However, note that this redirection does not apply to proxy subdomains such as "webmail.domain.com".

    Thank you.
     
  5. jethrodesign

    jethrodesign Active Member

    Joined:
    Feb 17, 2012
    Messages:
    41
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Thanks for the replies!

    A) So I can get just a standard single-domain SSL certificate assigned to my root hostname (e.g., host.server-domain.com) and it can cover all of the basic services (webmail, cPanel, POP/IMAP email, etc.)??

    B) Then I see in Tweak Settings where you set Non-SSL and SSL redirect destinations. Would I do 'Hostname' for both?


    C) So I'm pretty sure all sites on this server have A records for 'webmail.domain.org' and that's probably how most clients have accessed their webmail accounts. Would this certificate only work if clients were to go to either: 'https://www.domain.org/webmail' -or- 'https://host.server-domain.com:2083' ?? Neither is ideal, but if there's no other way to have the 'webmail.domain.org' easily redirect to something that works, I guess we'd have to slowly start 're-training' people on where to go.

    Thanks for the insight here!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,814
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    1. Yes, you can purchase a single SSL certificate for the hostname and install it for the services in "WHM Home » Service Configuration » Manage Service SSL Certificates".

    2. You can use "Hostname" or "SSL Certificate Name", as both would lead to the same destination in this case.

    3. The service certificate does not apply to visitors who access the service using the proxy subdomains feature. The proxy subdomains secure URL is going to use the certificate that is installed for the individual domain name with Apache.

    Thank you.
     
  7. jethrodesign

    jethrodesign Active Member

    Joined:
    Feb 17, 2012
    Messages:
    41
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    OK, thanks for the response. It sounds like this wouldn't completely help in our situation, but it's good to know it's an option.

    - Any other 'creative' ways to handle the proxy subdomain login? Separate individual SSL certs is not really an option for us here.

    Thanks!
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,814
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You would have to install a separate certificate for each individual domain name if you wanted to avoid browser warnings or SSL failures.

    Thank you.
     
Loading...

Share This Page