The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Remove Self-Signed SSL?

Discussion in 'Security' started by Ian Durey, Aug 1, 2017.

Tags:
  1. Ian Durey

    Ian Durey Registered

    Joined:
    Aug 1, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Regina, SK
    cPanel Access Level:
    DataCenter Provider
    I'm not sure if this belongs in Email or Security.

    I have a server with Auto-SSL certs but when I connect to port 993 with ThunderBird the cert being served is the self-signed generic server cert, not the AutoSSL cert. The correct cert shows up on the web domain. How do I replace the TLS/SSL email cert? It feels like I'm overlooking something obvious but I can't find it.
     
  2. Eminds

    Eminds Well-Known Member

    Joined:
    Nov 10, 2016
    Messages:
    175
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    login to whm >> manage ssl hosts there you can see which SSL being used by your mail server . you can remove the self signed ssl from there and reapply the SSL again.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Ian Durey,

    Can you review the settings in your email client and verify it's setup with "mail.domain.tld"? Also, check to verify "mail.domain.tld" is listed under the "Domains" column for the certificate associated with the domain name in "WHM >> Manage SSL Hosts".

    Thank you.
     
  4. Ian Durey

    Ian Durey Registered

    Joined:
    Aug 1, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Regina, SK
    cPanel Access Level:
    DataCenter Provider
    Thanks for your reply. I did confirm the email client is connecting to mail.domain.tld and that cert is listed under the Domains section in Manage SSL Hosts and I have removed all self-signed certificates from that area.

    I noticed in SSL Storage Manager there are still some self-signed certificates listed under User Account SSL Resources but the AutoSSL certificates are listed under Apache's Installed SSL Resources. Maybe Mail/TLS is using the User Account SSL instead of the Apache ones?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's possible this is related to the email client storing the older certificate locally. Can you reproduce the issue with a different email client, or see if clearing the existing SSL data in Thunderbird solves the issue?

    Thank you.
     
  6. Ian Durey

    Ian Durey Registered

    Joined:
    Aug 1, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Regina, SK
    cPanel Access Level:
    DataCenter Provider
    Hi again,

    Thanks for your help, I figured it out. There was a mismatch between the email address and the certificate. Just in case someone else comes across this:

    server contains two domains: domain1.tld and domain2.tld

    username@domain1.tld is a valid email account on the server but domain1.tld is still hosted on another server (pre-migration)

    domain2.tld is a fully hosted on this server and has a valid AutoSSL cert
    domain1.tld only has a self-signed cert

    Connecting with the email account username@domain1.tld to the server mail.domain2.tld seems to pull the self-signed cert for domain1.tld instead of the one for mail.domain2.tld.

    Solution was to delete the account username@domain1.tld and create username@domain2.tld. Seems obvious in hindsight.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    I'm happy to see you were able to solve the issue. Thank you for updating us with the outcome.
     
Loading...

Share This Page