SSL Certificate for WHM Services (SMTP, POP3, Webmail, etc.)

Blakles

Member
Mar 9, 2012
cPanel Access Level
Root Administrator
Users are receiving this warning when trying to send email from Outlook/Entourage, "The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

I am trying to make this go away, but am having trouble figuring out how to go about this because:
a) The same domain name is used for the nameservers, server name, and main cpanel account
b) The dedicated IP address is used for the first nameserver and the main cpanel account which has an SSL cert

Name Server 1: ns1.domain.com -> IP xx.x.xxx.01
Name Server 2: ns2.domain.com -> IP xx.x.xxx.02

Host Name: server.domain.com
cPanel Account: www.domain.com -> IP xx.x.xxx.01 with SSL cert for www.domain.com

From what I can tell, I can make this Outlook/Entourage warning go away if I purchase a certificate from a well-known CA for server.domain.com. My questions are...

1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
2) Is it okay that the server is using the same IP as the cpanel account with an SSL cert for the www.domain.com? If not, how can I resolve this?

Any help is much appreciated. Thanks.
 

fugtruck

Member
Apr 27, 2010
> 1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?

My opinion is that if you just need to trust your own server, using the self-signed certificate is sufficient. If you want other people to trust you, you'll want a certificate from a well-known CA.
 

Blakles

Member
Mar 9, 2012
cPanel Access Level
Root Administrator
> My opinion is that if you just need to trust your own server, using the self-signed certificate is sufficient. If you want other people to trust you, you'll want a certificate from a well-known CA.

Yes, I agree with you. I know I need a certificate from a well-known, trusted CA such as Trustwave, RapidSSL, etc. What I am having trouble with is finding the answers to these two questions:

1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
2) Is it okay that the server is using the same IP as the cpanel account with an SSL cert for the www.domain.com? If not, how can I resolve this?
 

Randy Walter

Registered
Aug 31, 2012
Bremen, Indiana, United States
cPanel Access Level
DataCenter Provider
Did you ever get an answer for this? We are working on the same issue here. We have multiple domains on our cPanel server, and we are wondering if we can possibly get a wildcard cert for our main domain and either redirect the customers' webmail to our server, or CNAME to it.



> Yes, I agree with you. I know I need a certificate from a well-known, trusted CA such as Trustwave, RapidSSL, etc. What I am having trouble with is finding the answers to these two questions:
>
> 1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
> 2) Is it okay that the server is using the same IP as the cpanel account with an SSL cert for the www.domain.com? If not, how can I resolve this?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
You can use a wildcard certificate for the domain and hostname and then install the wildcard certificate in WHM > Manage Service SSL Certificates for the hostname. The Manage Service SSL Certificates area handles cPanel/WHM/Webmail, Dovecot, Courier and FTP services and is where any purchased SSL should be installed.
 

Randy Walter

Registered
Aug 31, 2012
Bremen, Indiana, United States
cPanel Access Level
DataCenter Provider
> You can use a wildcard certificate for the domain and hostname and then install the wildcard certificate in WHM > Manage Service SSL Certificates for the hostname. The Manage Service SSL Certificates area handles cPanel/WHM/Webmail, Dovecot, Courier and FTP services and is where any purchased SSL should be installed.

And that will allow us to use www.customerdomain.com/webmail and redirect it to webmail.ourdomain.com, or make a CNAME for webmail.customerdomain.com pointing to webmail.ourdomain.com, with one wildcard cert?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
If the user hits https on their domain prior to hitting the SSL on the webmail service that has the wildcard or hostname SSL, then they will receive an untrusted warning initially. The user would have to hit only the SSL certificate on the correct domain that has been installed in WHM > Manage Service SSL Certificates.
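
The name check behind the warnings discussed in this thread, as an added example that is not part of any post above: a TLS client compares the certificate's names against the hostname the user typed or configured, not against the CNAME target DNS resolves it to. The hostnames, the SAN list and the CNAME map are constructed placeholders, and the matcher is a simplified RFC 6125-style check, not cPanel's or any mail client's own code.

```python
# Added example: which client-facing names does one service certificate cover?
# All hostnames below are constructed placeholders.

def name_matches(pattern: str, hostname: str) -> bool:
    """Simplified RFC 6125-style match: '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(sans, hostname):
    """True if any subjectAltName entry matches the hostname."""
    return any(name_matches(s, hostname) for s in sans)


def audit(sans, client_names, cnames):
    """Map each name a client uses to (typed_name_ok, cname_target_ok).
    Only typed_name_ok decides whether the client shows a warning."""
    report = {}
    for name in client_names:
        target = cnames.get(name, name)  # where DNS actually sends the client
        report[name] = (cert_covers(sans, name), cert_covers(sans, target))
    return report


# Constructed: a wildcard installed as the service certificate.
SERVICE_CERT_SANS = ["*.ourdomain.com", "ourdomain.com"]
CNAMES = {"webmail.customerdomain.com": "webmail.ourdomain.com"}
CLIENT_NAMES = [
    "server.ourdomain.com",        # hostname configured in the mail client
    "webmail.ourdomain.com",
    "webmail.customerdomain.com",  # CNAME to webmail.ourdomain.com
    "www.customerdomain.com",      # customer site hit over https before a redirect
    "a.b.ourdomain.com",           # wildcard spans one label only
]

if __name__ == "__main__":
    for name, (typed_ok, target_ok) in audit(SERVICE_CERT_SANS, CLIENT_NAMES, CNAMES).items():
        verdict = "trusted" if typed_ok else "WARNING"
        print(f"{name:30} {verdict:8} (CNAME target covered: {target_ok})")
```
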