The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL email problem :2096 - "Security Alert"

Discussion in 'Security' started by telma, Mar 6, 2005.

  1. telma

    telma Registered

    Joined:
    Feb 19, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    when trying to access email via https://domain.com:2096 using the SSL secure connection, a "Security Alert" (in IE) pops ups (pictured below) mentioning amoing other things.. "The name on the security certiificate is valid or does not match the name of the site. Do you want to proceed". I get a similar warning in Firefox as well. When I click yes to proceed everything works fine though. This happens for all my cpanel accounts and for all other people using cpanel I have spoken to.

    [​IMG]

    What is the cause of this security alert popping up, and what way can it be fixed so it does not appear?

    When I click to "View Certificate" it says the certificate is "Issued to: localhost.localdomain". Under "Certificate Information" it has "This CA root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Ceritification Authorities store."
     
    #1 telma, Mar 6, 2005
    Last edited: Mar 6, 2005
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    it is a a self signed cetificate and even if it was a valid cetificate it would be under the servers hostname and you would still get the error to get rid of the error accept the certificate pemanately with your browser IE click veiw cetificate and under the general tab click the accept button
     
  3. telma

    telma Registered

    Joined:
    Feb 19, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    thanks for the explanation dalem.

    However, I dont care about the security alert for my personal email, but for clients using email accounts off my web services some would be initimidated by having to "accept the certificate pemanately with your browser IE click veiw cetificate and under the general tab click the accept button". I dont want to have to explain to each email user why this alert happens, how to accept the certificate permanently and why to trust it.

    I really hope there is a fix for this problem so email users never have to encounter the secuirty alert when accessing their email via SSL. Surely there is a better way??
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You can always use the insecure webmail link:

    http://domain.com:2095

    Otherwise, this is just the way self-signed certificates work. You might be able to purchase a secure certificate for your server name and install it on your server and then direct your customers to go to https://servername.com:2096. I'm not sure if that would work or not, you might want to get some other opinions before you purchase a certificate.
     
  5. telma

    telma Registered

    Joined:
    Feb 19, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I would be happy to go down this route if need be. If anybody has ideas on how this may or may not work, I would be most happy to hear.
     
  6. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    if you are the server owner it will work just fine

    me pesonally I do not worry about it I do not use my servers hostname(s) for ecomerce and most people ( and i use that loosely ) understand what SSL is for and how it works
     
  7. telma

    telma Registered

    Joined:
    Feb 19, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    ok great so purchasing a signed SSL cerificate for each domain will make this secuirty warning disappear..can anyone give a definite confirmation that this will work?
     
  8. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    no that will not work (it would be an expensive proposition if it did)

    Cpanel/WHM/Webmail uses the servers Hostname to connect via stunnel
     
    #8 dalem, Mar 6, 2005
    Last edited: Mar 7, 2005
  9. richy

    richy Well-Known Member

    Joined:
    Jun 30, 2003
    Messages:
    276
    Likes Received:
    1
    Trophy Points:
    16
    It'll be cheaper and easier if you were to just get people to go to https://server.hostname:2096 - you'll only need one SSL then.
     
Loading...

Share This Page