SSL Certificate for WHM Services (SMTP, POP3, Webmail, etc.)

Blakles

Member
Mar 9, 2012
10
0
51
cPanel Access Level
Root Administrator
Users are receiving this warning when trying to send email from Outlook/Entourage, "The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

I am trying to make this go away, but am having trouble figuring out how to go about this because:
a) The same domain name is used for the nameservers, server name, and main cpanel account
b) The dedicated IP address is used for the first nameserver and the main cpanel account which has an SSL cert

Name Server 1: ns1.domain.com -> IP xx.x.xxx.01
Name Sever 2: ns2.domain.com -> IP xx.x.xxx.02

Host Name: server.domain.com
cPanel Account: www.domain.com -> IP xx.x.xxx.01 with SSL cert for www.domain.com

From what I can tell, I can make this Outlook/Entourage warning go away if I purchase a certificate from a well-known CA for server.domain.com. My questions are...

1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
2) Is it okay that the server is using the same IP as the cpanel account with an SSL cert for the www.domain.com? If not, how can I resolve this?

Any help is much appreciated. Thanks.
 

fugtruck

Member
Apr 27, 2010
21
0
51
1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
My opinion is that if you just need to trust your own server, using the self-signed certificate is sufficient. If you want other people to trust you, you'll want a certificate from a well-known CA.
 

Blakles

Member
Mar 9, 2012
10
0
51
cPanel Access Level
Root Administrator
My opinion is that if you just need to trust your own server, using the self-signed certificate is sufficient. If you want other people to trust you, you'll want a certificate from a well-known CA.
Yes, I agree with you. I know I need a certificate from a well-known, trusted CA such as Trustwave, RapidSSL, etc. What I am having trouble with is finding the answers to these two questions:

1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
2) Is it okay that the server is using the same IP as the cpanel account with an SSL cert for the www.domain.com? If not, how can I resolve this?
 

Randy Walter

Registered
Aug 31, 2012
2
0
1
Bremen, Indiana, United States
cPanel Access Level
DataCenter Provider
Did you ever get an answer for this? we are working on the same issue here. we have mutliple domains, on our cpanel sever and we are wondering if we can possibly get a wildcard cert for our main domain and either redirect the customers webmail to our server, or cname to it.



Yes, I agree with you. I know I need a certificate from a well-known, trusted CA such as Trustwave, RapidSSL, etc. What I am having trouble with is finding the answers to these two questions:

1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
2) Is it okay that the server is using the same IP as the cpanel account with an SSL cert for the www.domain.com? If not, how can I resolve this?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
41
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
You can use a wildcard certificate for the domain and hostname and then install the wildcard certificate in WHM > Manage Service SSL Certificates for the hostname. The Manage Service SSL Certificates area handles cPanel/WHM/Webmail, Dovecot, Courier and FTP services and is where any purchased SSL should be installed.
 

Randy Walter

Registered
Aug 31, 2012
2
0
1
Bremen, Indiana, United States
cPanel Access Level
DataCenter Provider
You can use a wildcard certificate for the domain and hostname and then install the wildcard certificate in WHM > Manage Service SSL Certificates for the hostname. The Manage Service SSL Certificates area handles cPanel/WHM/Webmail, Dovecot, Courier and FTP services and is where any purchased SSL should be installed.
and that will allow us to use
www.customerdomain.com/webmail and redirect it to webmail.ourdomain.com,

or make a cname for
webmail.customerdomain.com
pointing to webmail.ourdomain.com? with one wildcard cert?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
41
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
If the user hits https on their domain prior to hitting the SSL on the webmail service that has the wildcard or hostname SSL, then they will receive an untrusted warning initially. The user would have to hit only the SSL certificate on the correct domain that has been installed in WHM > Manage Service SSL Certificates.