The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail Client config section gives wrong info for SSL

Discussion in 'E-mail Discussions' started by 4u123, Jan 8, 2013.

Thread Status:
Not open for further replies.
  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Hi folks, I noticed today that when a customer chooses the "Configure Email Client" option in cpanel, the resulting page "clientconf.html" displays incorrect information about the SSL server hostname.

    We use a basic naming convention for our servers similiar to this...

    server001.domain.com
    server002.domain.com

    And we run a wildcard certificate for the cpanel service certificates - i.e *.domain.com

    So the server's hostname is always covered by SSL for the relevent services.

    Unfortunately, cpanel hasn't picked up on that and on all our servers, the info provided to the customer for them to connect via ssl is...

    mail.domain.com

    Which is of course completely incorrect and causes confusion for the customers. In fact, it's pretty ridiculous as it seems to suggest that a unique SSL certificate should be set up for each server individually. I'm not sure why it adds the "mail" prefix.

    I am going to make the assumption that the way we have configured this is the most common way of setting up the service certificates and that this issue will affect any web host using this method.

    So my questions are...

    1. Is there a way to specifiy the SSL hostname somewhere, so that the customers can be presented with the correct info in cpanel?
    2. If we are not doing this correctly (using a wildcard cert), what other way is recommended? I don't think it is practical to purchase an individual SSL cert for each server.

    I can see this turning into a feature request :-(

    Thanks for your time.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    On the Mail Client Configuration page, under the SSL section is shows you mail.domain.com instead of host.server.com, is that correct?
     
  3. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    If the server's hostname is server.domain.com and the service certificate is *.domain.com the Mail Client Configuration page shows mail.domain.com. I don't know why it defaults to this. I think it must try to work out what hostname is covered by the certificate and if it cant find one (as it is a wildcard) it automatically prefixes with "mail.".

    It stands to reason if the server's hostname is blah.domain.com and the certificate is *.domain.com that the Mail Client Configuration page should show the server's hostname as the SSL host to connect to - but I also think that we should be able to specify this somewhere - perhaps in tweak settings or in the service certificate area.
     
    #3 4u123, Jan 8, 2013
    Last edited: Jan 8, 2013
  4. alinford

    alinford Well-Known Member

    Joined:
    Nov 4, 2006
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    8
    I am having this same issue, except my config page is showing www.domain.com instead of hostname.domain.com.

    Is there really no way to manually update this? It also breaks the webdisk ssl option.
     
  5. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Are you using a wildcard cert too?
     
  6. intelliracks

    intelliracks Registered

    Joined:
    Jan 16, 2013
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    We too are seeing this issue on servers that are using a wildcard certificate.
     
  7. LDHosting

    LDHosting Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    93
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
  8. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    I also have the same issue. This is giving me a lot of troubles because users have problems configuring their mail clients.

    I have a wildcard SSL and the incoming/outgoing server shows mail.domain.com, this happens on all cPanel servers.

    Which is wrong as it should show "servername.domain.com" which is the correct name server and the setting that works for SSL to avoid certicates problems.

    This is a bug and needs to be rectified.
     
    #8 nibb, Apr 25, 2013
    Last edited: Apr 25, 2013
  9. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    I got a feature requests notification today that this fix has been released.
     
  10. nibb

    nibb Well-Known Member

    Joined:
    Mar 22, 2008
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Which version? This issue is here for months as far as I can see.
     
  11. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    The email just read...

    In the feature request itself, Nick said...

     
  12. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Unfortunately, at first glance it would appear that this has been implemented incorrectly. All my servers are now on 11.38 and this behaviour has changed.

    Previous issue: the SSL info was displaying mail.SSLCERTDOMAIN - so if the wildcard cert was for *.allmyservers.com the info would incorrectly display mail.allmyservers.com

    The new implementation of this has simply set the SSL info to be the same as the non SSL info. So it is just now set to mail.mydomain.com where "mydomain.com" is the customers domain name. Again this is incorrect.

    The correct implementation of this would be to set the info to display as the server's hostname, or to provide a configuration option to change this.

    I've looked in "Tweak Settings" for a new option where the SSL mail hostname can be set - but I can't find any such setting.

    Did I miss something?
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The updated behavior is documented at:

    Email Client Configuration

    You may also be interested in the following feature request:

    SSL Certificates Per Domain On Services

    Thank you.
     
  14. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    This does not explain the logic, or the outcome of what is displayed for the SSL details in cpanel when the customer clicks "More > Configure Email Client" from the Email Accounts section.

    On all my servers I have a wildcard SSL certificate installed for all the service certificates. *.myserverdomain.com

    An example server hostname would be server01.myserverdomain.com

    In the customer's cpanel - the "Configure Email Client" shows the following info for the SSL hostname...

    WHM 11.36

    mail.myserverdomain.com (old behaviour - incorrect)

    WHM 11.38

    mail.customerdomain.com (new behaviour - incorrect)

    Both of these are incorrect. To connect via SSL using the service certificate on this server - the customer must use server01.myserverdomain.com which is the server's hostname and is covered by the wildcard certificate. I've checked three servers in sequence and this is not being displayed on any of them. Instead, the customers domain name is prefixed with mail in the same way as the non SSL details.

    Your documentation above does not clearly indicate what SSL hostname will be displayed in the event of a wildcard SSL being used. In fact it makes no sense at all.

    I need to quote it again...

    I'm sorry but that is complete nonsense.

    Then...

    You are trying to explain how a wilcard certificate works there. Why? Any web host who installs a wildcard certificate already knows what it is for. But more to the point, none of that explains why the cpanel mail configuration details display mail.customerdomain.com for the SSL details and for the non SSL details. Can you explain to me in what way does the above explain this behaviour? To me, it simply explains pretty badly how an SSL certificate works.

    So - not only is the new behaviour of this incorrect, your documentation does not explain the logic behind it at all.

    Can you please clarify exactly what should be displayed in the customer's cpanel "Configure Email Client" details for SSL under the following circumstances..

    1. The server is using a wildcard SSL certificate named *.myserverdomain.com for all services, as set in the "Service Certificates" section of WHM.

    and

    2. The server's hostname is server01.myserverdomain.com

    Thank you.
     
    #14 4u123, Jun 11, 2013
    Last edited: Jun 11, 2013
  15. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    I have just manually checked the first ten of my servers. I logged into cpanel as a random customer and viewed the "Configure Email Client" details.

    Out of the ten servers checked, two of them correctly display the server's hostname in the SSL details. The other eight simply display the customer's domain with a mail prefix.

    I understand that prior to 11.38, the SSL hostname was taken from the following files...

    /var/cpanel/ssl/dovecot-CN
    /var/cpanel/ssl/exim-CN

    Where a wildcard cert is used, these files both currently contain the certificate name - i.e

    *.myserverdomain.com

    This is the same for the eight servers that do not display the details correctly and for the two that do. So I can only make the assumption that the displayed hostname is now determined by a different process.

    I can confirm that replacing the certificate name with the server's hostname in these files does not have any effect on the displayed info in cpanel.
     
    #15 4u123, Jun 11, 2013
    Last edited: Jun 11, 2013
  16. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Support ticket number 4231465
     
  17. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The result of the ticket was that this particular issue stemmed from an invalid hostname used on the server. The hostname contained capital letters, which are not supported. Updating the hostname to all lowercase letters via "WHM Home » Networking Setup » Change Hostname" resolved this issue.

    Thank you.
     
  18. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Hi Michael,

    A hostname with uppercase letters is not strictly "invalid" as you put it. The issue here is that cpanel does not correctly support hostnames with uppercase letters for this particular function.
     
  19. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, that is true. For the most part, users will not encounter any problems with capital letters in their hostname. However, the use of lowercase letters is listed as a requirement for cPanel in our documentation:

    cPanel Docs - Hostname

    Thank you.
     
  20. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    It might well be listed as a requirement for cPanel now - but it certainly wasn't when our server hostnames were created in 2005. Now that I know your software doesn't correctly support mixed case or uppercase hostnames, I've changed them to lowercase.

    Thanks.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page