The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Certificate for WHM Services (SMTP, POP3, Webmail, etc.)

Discussion in 'Security' started by Blakles, Jul 19, 2012.

  1. Blakles

    Blakles Member

    Joined:
    Mar 9, 2012
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Users are receiving this warning when trying to send email from Outlook/Entourage, "The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

    I am trying to make this go away, but am having trouble figuring out how to go about this because:
    a) The same domain name is used for the nameservers, server name, and main cpanel account
    b) The dedicated IP address is used for the first nameserver and the main cpanel account which has an SSL cert

    Name Server 1: ns1.domain.com -> IP xx.x.xxx.01
    Name Sever 2: ns2.domain.com -> IP xx.x.xxx.02

    Host Name: server.domain.com
    cPanel Account: www.domain.com -> IP xx.x.xxx.01 with SSL cert for www.domain.com

    From what I can tell, I can make this Outlook/Entourage warning go away if I purchase a certificate from a well-known CA for server.domain.com. My questions are...

    1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
    2) Is it okay that the server is using the same IP as the cpanel account with an SSL cert for the www.domain.com? If not, how can I resolve this?

    Any help is much appreciated. Thanks.
     
  2. fugtruck

    fugtruck Member

    Joined:
    Apr 27, 2010
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    My opinion is that if you just need to trust your own server, using the self-signed certificate is sufficient. If you want other people to trust you, you'll want a certificate from a well-known CA.
     
  3. Blakles

    Blakles Member

    Joined:
    Mar 9, 2012
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Yes, I agree with you. I know I need a certificate from a well-known, trusted CA such as Trustwave, RapidSSL, etc. What I am having trouble with is finding the answers to these two questions:

    1) Do I need to generate a different key for server.domain.com rather than using the key from www.domain.com? If so, how/where do I do this?
    2) Is it okay that the server is using the same IP as the cpanel account with an SSL cert for the www.domain.com? If not, how can I resolve this?
     
  4. Randy Walter

    Randy Walter Registered

    Joined:
    Aug 31, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Bremen, Indiana, United States
    cPanel Access Level:
    DataCenter Provider
    Did you ever get an answer for this? we are working on the same issue here. we have mutliple domains, on our cpanel sever and we are wondering if we can possibly get a wildcard cert for our main domain and either redirect the customers webmail to our server, or cname to it.



     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You can use a wildcard certificate for the domain and hostname and then install the wildcard certificate in WHM > Manage Service SSL Certificates for the hostname. The Manage Service SSL Certificates area handles cPanel/WHM/Webmail, Dovecot, Courier and FTP services and is where any purchased SSL should be installed.
     
  6. Randy Walter

    Randy Walter Registered

    Joined:
    Aug 31, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Bremen, Indiana, United States
    cPanel Access Level:
    DataCenter Provider
    and that will allow us to use
    www.customerdomain.com/webmail and redirect it to webmail.ourdomain.com,

    or make a cname for
    webmail.customerdomain.com
    pointing to webmail.ourdomain.com? with one wildcard cert?
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If the user hits https on their domain prior to hitting the SSL on the webmail service that has the wildcard or hostname SSL, then they will receive an untrusted warning initially. The user would have to hit only the SSL certificate on the correct domain that has been installed in WHM > Manage Service SSL Certificates.
     
Loading...

Share This Page