Easily Provide Secure Access to Webmail for Multiple Sites

jethrodesign

Well-Known Member
Feb 17, 2012
50
1
58
cPanel Access Level
Root Administrator
Hi, we have a dedicated server running WHM with about 30 cPanel accounts hosting small school websites on a single shared IP address. A lot of the schools just use the built-in cPanel email and webmail for their email handling.

But the default behavior when they try to login to their webmail by going to 'webmail.schooldomain.org' is that it switches to secure access (https), which is good. But because the root certificate for the server is self-signed, and not for their domain, they obviously get browser warnings. And a lot of these users are not particularly tech-saavy, so it really throws them off.

- How would someone typically deal with this situation so that users don't receive a warning when just accessing their webmail?

These are all small non-profits, so giving each a dedicated IP address and SSL certificate JUST for accessing webmail is probably not an option.

If it helps, the server is running CentOS 5.10 & WHM 11.42.1.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,912
2,241
363
Hello :)

You can install a SSL certificate with the hostname of the server for each service via:

"WHM Home » Service Configuration » Manage Service SSL Certificates"

Then, in "WHM Home » Server Configuration » Tweak Settings", under "Redirection", you can enable SSL redirection and ensure "SSL redirect destination" is set to Hostname or SSL Certificate Name. However, note that this redirection does not apply to proxy subdomains such as "webmail.domain.com".

Thank you.
 

jethrodesign

Well-Known Member
Feb 17, 2012
50
1
58
cPanel Access Level
Root Administrator
Thanks for the replies!

A) So I can get just a standard single-domain SSL certificate assigned to my root hostname (e.g., host.server-domain.com) and it can cover all of the basic services (webmail, cPanel, POP/IMAP email, etc.)??

B) Then I see in Tweak Settings where you set Non-SSL and SSL redirect destinations. Would I do 'Hostname' for both?


However, note that this redirection does not apply to proxy subdomains such as "webmail.domain.com".
C) So I'm pretty sure all sites on this server have A records for 'webmail.domain.org' and that's probably how most clients have accessed their webmail accounts. Would this certificate only work if clients were to go to either: 'https://www.domain.org/webmail' -or- 'https://host.server-domain.com:2083' ?? Neither is ideal, but if there's no other way to have the 'webmail.domain.org' easily redirect to something that works, I guess we'd have to slowly start 're-training' people on where to go.

Thanks for the insight here!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,912
2,241
363
1. Yes, you can purchase a single SSL certificate for the hostname and install it for the services in "WHM Home » Service Configuration » Manage Service SSL Certificates".

2. You can use "Hostname" or "SSL Certificate Name", as both would lead to the same destination in this case.

3. The service certificate does not apply to visitors who access the service using the proxy subdomains feature. The proxy subdomains secure URL is going to use the certificate that is installed for the individual domain name with Apache.

Thank you.
 

jethrodesign

Well-Known Member
Feb 17, 2012
50
1
58
cPanel Access Level
Root Administrator
OK, thanks for the response. It sounds like this wouldn't completely help in our situation, but it's good to know it's an option.

- Any other 'creative' ways to handle the proxy subdomain login? Separate individual SSL certs is not really an option for us here.

Thanks!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,912
2,241
363
- Any other 'creative' ways to handle the proxy subdomain login? Separate individual SSL certs is not really an option for us here.
You would have to install a separate certificate for each individual domain name if you wanted to avoid browser warnings or SSL failures.

Thank you.