The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL email certificate issues, one IP address with multiple domains

Discussion in 'E-mail Discussions' started by JAWSC, May 19, 2016.

  1. JAWSC

    JAWSC Registered

    Joined:
    May 19, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cali
    cPanel Access Level:
    Root Administrator
    Hello everyone, after reading through the related cpanel documentation (Please don't link me the three sections I just read Michael!) I'm having some trouble setting up my VPS and email with SSL certificates for our clients in Outlook. Sending and Receiving work if I accept the current self assigned certificate.

    I have multiple domains on my virtual server all one a single one (1) IP address.

    My question is what SSL certificate (mail.domain?) do I install where so I don't get an certificate error for Outlook mail?
    This is in regards to:

    In WHM - The non Apache Service SSL Certificate that handles "Calendar, cPanel, WebDisk, Webmail, and WHM Services".
    Our root SSL Certificate on the VPS (in WHM)
    Each domain needing it's own SSL Cert (Which should be supported since we are on CentOS 6)
    If I should leave "Enable SNI for Mail Services" checked or not (Confused if this means it would be using a different certificate)
    [Select the Enable SNI for Mail Services checkbox. Mail SNI configures mail services to use the domain's SSL certificate instead of the server's default certificate.
    Warning:
    Mail SNI is not compatible with Webmail and will not function for any Webmail connection. Webmail connections use the cPanel service SSL certificate.]

    Outlook settings:
    user@domain.com
    mail.domain.com (POP)
    mail.domain.com (SMTP)
    Ports 995 / 465 (SSL, SSL)

    Certificate is served from s###-###-##-###.secureserver.net (our VPS IP)

    VPS Info:
    CentOs 6.7
    Server Version: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4

    Many thanks in advance.
    -J
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,707
    Likes Received:
    658
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify if you have a specific signed SSL certificate you want to use for email services, or if you prefer to install signed SSL certificates to each domain name? Are you open to having users change the mail server name in their email client configurations?

    Thank you.
     
    JAWSC likes this.
  3. JAWSC

    JAWSC Registered

    Joined:
    May 19, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cali
    cPanel Access Level:
    Root Administrator
    Yes, I am very open to changing our client Outlook settings! Either of the first two options sounds fine with me, just trying to avoid having to use an expensive wildcard to multi-level domain certificate.

    Michael, thanks for the response. The signed SSL Cert we want to use for email is currently mail.MYhosting.com however (obviously) if people go to webmail.MYhosting.com then obviously they get an SSL error.

    The issues to solve are:
    1) Fix webmail giving SSL error. I think I need to assign a webmail.MYhosting.com to the webmail service SSL (currently is mail.MYhosting.com)
    2) Enabling SSL in Outlook without errors for our domains (which are all on the same-IP)

    I know #2 has something to do with Mail SNI which is enabled, but I'm not positive on where/how and what domain names the SSL certs should be for. It seems like I would install a mail.THATdomain.com on each domain via cPanel but I'm not positive.

    I've attached some pictures which I hope will help. Thank you for your time and response where I'm learning.
    -J

    DNS Zone: http://i.imgur.com/XbimRdp.png
    Service SSL: http://i.imgur.com/RNmOD0L.png
    SSL Hosts: http://i.imgur.com/azF8kAS.png
     

    Attached Files:

  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,707
    Likes Received:
    658
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    1. There are two scenarios to consider. One, access attempts via the proxy subdomains feature (webmail.domain.com). Your SSL options for this scenario are documented at:

    Proxy Subdomains Use the cPanel Service SSL - cPanel Knowledge Base - cPanel Documentation

    As for access attempts to domain.com/webmail, you can manage the SSL certificate used for these attempts by modifying the settings under the "Redirection" tab in "WHM >> Tweak Settings".

    2. You can install a SSL certificate for each domain name and enable the Mail SNI functionality documented at:

    Manage SSL Hosts - Documentation - cPanel Documentation

    Thank you.
     
Loading...

Share This Page