The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL cert warning when opening mail client

Discussion in 'Security' started by nitdna, Nov 14, 2013.

  1. nitdna

    nitdna Member

    Joined:
    Nov 13, 2013
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi

    I have a lot of users receiving this security warning about the SSL certificate when opening their mail client (most use Outlook 2010):
    The server you are connected to is using a security certificate that cannot be verified.
    The target principal name is incorrect.

    The main domain used for this VPS is listed in the certificate, ourdomain.com.au.
    Users have their own domain for the incoming mail server: mail.theirdomain.com.au for example.
    Both domains point to the same IP address - the shared IP for the server.

    Could someone advise on how to go about having the principal name error resolved without having to change all the incoming mail servers? Is there something I can do on the server with the SSL certificate for the domains?
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    I think you are using self signed SSl certificate for your mail services and due to that you are getting this issue when you trying to connect your mail server using SSL connection. You will have to install SSL certificate for your mail services through WHM : Manage Service SSL Certificates
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can install a signed certificate for each service via:

    "WHM Home >> Service Configuration >> Manage Service SSL Certificates"

    However, in addition, the users will need to use the hostname that you install the certificate for in their email client to avoid seeing those types of warning messages.

    Thank you.
     
  4. nitdna

    nitdna Member

    Joined:
    Nov 13, 2013
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks Guys

    The following services have already got the signed certificate applied to them:
    FTP Server
    Exim (SMTP) Server
    Dovecot Mail Server
    cPanel/WHM/Webmail Service

    So, if there are numerous (talking around 80) accounts that are all hosting mail and all have different domain names, do the users for each domain have to use the main hostname or is there a way they can use their domain (mail.theirdomain.com.au) for the incoming mail server using this certificate?
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    As far as I know only one SSL can be installed for the non-apache services. Likely the users will need to use the hostname to avoid a cert mis-match warning.
     
  6. nitdna

    nitdna Member

    Joined:
    Nov 13, 2013
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    OK, so upon further investigation, the incoming mail server does need to use the hostname - so that answers that, thanks.

    Found that even though this is now set correctly, the certificate for the hostname is still using an old certificate.
    The one that is listed as being apllied to the services listed above is not the certificate being used when connecting to the mail server.

    Under "WHM Home -> SSL/TLS -> Manage SSL Hosts" the IP address and doamin are listed correctly with correct certificte.
    It is also set as the shared certificate (not sure if this makes any difference).

    So this signed certificate is set for the sevices and the domain, yet when connecting to this it is trying to use the original self signed certificate. Is there another section I need to check?
     
  7. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Manage SSL Hosts only handles Apache. You need to reapply the cert in the Manage Service SSL Certificates area Michael mentioned. I know you said you already did this, so try re-installing it and restarting the service.
     
  8. nitdna

    nitdna Member

    Joined:
    Nov 13, 2013
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    OK, will re-install and restart service and let you know, thanks.

    - - - Updated - - -

    That has done the trick! Thanks for your help and time!
    So steps taken for those who may be intereseted...
    - Under "WHM Home >> Service Configuration >> Manage Service SSL Certificates"
    - Reset the certificate for the services - this removes the current cert and replaces it with a self-signed one.
    - Install the certificate for the services (the signed one).
    - Restarted the services.
    It is now using the correct certificate.
     
Loading...

Share This Page