The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

question about SSL cert and SMTP !!!

Discussion in 'E-mail Discussions' started by dhecker, May 30, 2005.

  1. dhecker

    dhecker Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    Hello all -

    I hope that some of you experts can advise me about the following question:

    I am on a vps server with cpanel/whm. I have 2 static IPs with this host. I would like my users to begin using ssl+smtp over the ordinary port .

    The problem is, when my users connect to the smtp server using Outlook, etc. they get a security message that says "The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminate in a root certificate which is not trusted by the root provider. Do you want to continue using this server?"

    My server doesn't have an ssl certificate installed, which i believe is the problem. I want to get rid of that warning, which is annoying to all of us.

    Here is my question:

    - Can I buy 'Starter SSL' from registerfly.com (my registrar) for $16.99 to solve this problem?

    - If I buy an ssl cert, can I use if for the whole server, or is it just specific to xxx.domain.com? The server name is servername.domain.com - would I buy a cert for the whole server name, or could I just buy one for domain.com and have it cover all subdomains?


    - Is the WHM installation of SSL cert easy? It looks easy. Would it automatically apply to smtp w/ssl, or is there more configuration needed?

    thanks for any advice/tips, Dave
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You can indeed use a certificate for SSMTP and a search of the forums would tell you how to install it. Basically, you have to manually add the certificate to /etc/exim.key and /etc/exim.crt. It's best to use a cert that doesn't use an intermediary CA bundle.
     
  3. henker

    henker Well-Known Member

    Joined:
    May 1, 2003
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    ...and make sure you backup /etc/exim.key and /etc/exim.crt or even "chattr +i" them.
    *Every* exim upgrade overwrites them.
     
  4. dhecker

    dhecker Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    thanks and more questions..

    Thanks for this information! Would it be possible for me to use the Registerfly Starter SSL certificate for this purpose? (http://www.registerfly.com/ssl/index.php). I like that option because it's cheap and all of my other domains are there.

    Also, if I get the certificate for the name of my server (name.domain.com) would it also apply to mail.domain.com? How does that work..

    thanks again!
     
  5. henker

    henker Well-Known Member

    Joined:
    May 1, 2003
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Unless you purchase a wildcard cert, that won't work, so you should make sure the cert matches
    mail.domain.com .
     
  6. dhecker

    dhecker Well-Known Member

    Joined:
    Dec 3, 2003
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    how about

    could I make match it to the server name and ask the mail users to use that name instead of mail.domain.com?

    Is a wildcard cert any harder to deal with?

    thanks again!
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, you can simply get them to use the server domain. IMHO it would be best given the costs involved with wildcard certs.
     
Loading...

Share This Page