The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Issues with iPhone and self-signed ssl certificates

Discussion in 'E-mail Discussions' started by electric, Mar 4, 2011.

  1. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Hello,

    Just like most cpanel server owners, we are using "self-signed" ssl certificates for our mail (smtp/imap/pop) mail services.

    So normally, an iPhone user would simply click "install" or "trust and save this certificate" when connecting the first time over SSL to the mail server to get their mail.

    The problem is that iPhone iOS 4.x no longer allows the ability to "save" a self-signed certificate. So the warning/error popup occurs every time the user connects to the mail server over SSL to check their email.

    Not good.

    We're trying to figure out how to allow iPhone ios 4.x to save the self-signed certificates... but so far this does not seem too easy for a non-technical user. (Which is most iPhone users.)

    So.. as an alternative, we're investigating whether we should perhaps purchase a "real" ssl certificate for all our mail serves. (We haven't done this previously, because it woudl be expensive since we have a lot of servers.)

    Can anyone tell me what is involved to do this? The big problem is that all our customers use their own domain name hostnames for connecting to the servers. For example:

    SMTP: mail.customerdomain.com
    IMAP: mail.customerdomain.com

    (They do not use our server's hostname to connect.)

    So... my question... is if we install a real SSL certificate for the server hostname.. would this fix the problem? Or would it continue, because the customer is using their own "mail.customerdomain.com" domain and not the hostname of the ssl certificate?

    In other words... can this problem be fixed easily if the customer purchases their own unique ssl certificate for "mail.customerdomain.com"? (But then.. how would we install that onto the server since there is only one mail server, and mail.customerdomain.com is just basically a pointer?)

    Thanks very much for any help.
     
  2. amxfsx

    amxfsx Member

    Joined:
    Nov 6, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    We have seen this same issue with the new iPhones. It has also always been an issue when using secure email and a Microsoft Outlook client. If I understand correctly, Microsoft limits which SSL's they will recognize as not being self-signed to a small group of expensive SSL's.

    I'd appreciate if anyone has some information about what *low-cost* SSL's can be installed in WHM to take care of this issue for both iPhone and Outlook.

    Thanks.
     
Loading...

Share This Page