SSL access to webmail without using port 2096 and with signed wildcard hostservercert

lorio

Well-Known Member
Feb 25, 2004
309
17
168
cPanel Access Level
Root Administrator
I have read a few thread about the proxy for webmail cpanel etc. and participated in a few ones over the time.

If you know a thread where the following is already discussed let me know and we can delete this thread.

Current situation (correct my if i am wrong):

You can install a cert for every account.
You can access webmail cpanel webdisk etc. via proxy via port80
You need one IP per account.

You can install a wildcard cert or a cert for every service "cPanel/WHM/Webmail Service", MTA/SMTP, IMAP, FTP to allow "easy" access via hostserver.domain.tld to these services.

The accounts holder will e.g. not use their domain name in thunderbird but the hostname.domain.tld as pop3/smtp to prevent cert mismatch.

But they cannot access the cpanel/webmail/webdisk via the hostserverdomain without using ports via the cert of the hostserverdomain.

If you install a cert per customer you cannot get the services MTA/SMTP IMAP FTP via proxy (out of the box) which won't pop up the cert mismatch.

So there isn't a way (out-of-the-box) to prevent a cert/hostname mismatch and preventing using ports on secure webaccess either way.

The concept of every access via the cert of account domain name seems to filed with this feature request:
http://forums.cpanel.net/f145/ssl-certificate-per-domain-all-services-200492.html

The other way around. Access via one hostdomainname and one cert ist perhaps also filed somewhere.

If you think I missed the solution and I'm just too dumb please don't hesitate to tell me ;-)