The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Webmail Per Domain Name (with) Redirect to Original Domain Name

Discussion in 'E-mail Discussions' started by Drake, Jul 19, 2011.

  1. Drake

    Drake Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Hello Everyone,

    Been a while since I posted. Hope everybody's doing fine.

    OK, straight to the issue. Apology for detailed explanation.

    How to ???

    SSL Webmail, Per Domain --with-- Redirect staying as Original Domain's URL?

    Scenario:

    I have a customer who has an SSL certificate installed on their domain for the website storefront.

    The SSL Cert. includes both www. good-customer.com or good-customer.com

    Customer's website works fine with SSL in all ways, with all subdirectories. (such as https:// www. good-customer.com, or ...good-customer.com/sales, and whatever.

    The customer uses webmail heavily. They access webmail by https:// www .good-customer.com/webmail and they receive receive the SSL browser warning from hostname mismatch.

    The server has a genuine SSL certificate installed for the various services and when the services (webmail, cpanel, etc) are accessed using the "hostname" option in Main >> Service Configuration >> Manage Service SSL Certificates Redirects.

    When the good customer browses to https:/ /www. good-customer.com/webmail, they want to maintain their URL throughout the webmail session, not my server's hostname https:// server7.duraserver.net (but have no SSL Cert warning)

    If I set the Main >> Service Configuration >> Manage Service SSL Certificates is set to redirect to the "Original Domain Name" they get their own https:// www. good-customer.com/webmail (redirected to https:// www. good-customer.com:2096/webmail/x3/?login=1) but With an SSL mismatch warning. Viewing the actual Cert. details, the Cert. that is being delivered is the one for server7.duraserver.net ...Even though they have a valid SSL Cert for their https:// www. good-customer.com domain, AND I set the Redirect to go to the "Original Domain Name".

    How can this be? If their webmail is being reached through https:// www. good-customer.com/webmail :)2096) I know this answer.

    Some folks would think that Apache is actually serving the "/webmail" contents. But I know that " :2096" is not served by Apache, it's served by Cpanel's daemon.

    Since this "webserver7" has many customers on it, I can't globally install "good-customer.com's" SSL Cert for the cPanel services because all other regular-customers would have to use that good-customer's URL to get a warning free SSL webmail connection.

    Am I to understand that each separate SSL website customer can't have their own valid SSL Cert for their own Webmail + cPanel services? That would be pretty ``lacking`` wouldn't it?

    However, in "Service Configuration >> Manage Service SSL Certificates" there is no option for installing multiple certificates on a Per-Domain basis for the cPanel services. Am I correct about this?

    If I'm correct in my assumption, then once the "Redirect" happens, Apache is no longer the serving daemon, and the cPanel serving daemon takes over from there. Thus the "Original Domain Name URL" is just a fictitious rewrite?

    My customers do like my domain name.... for emailing me, however they don't want it showing up in their website address bars, not to mention my resellers. (I'm not really concerned about individual customer-domain SSL certs for POP, SMTP, IMAP. Those settings are not in front of peoples' faces all day)


    Alternative? Has anyone used Apache to act as a "proxy" to access the local cPanel services from the outside world via an SSL Website URL? I'm open to anyone's config. suggestions or past experiences with Apache proxying into local cPanel services.

    Any other ideas for multiple, independent customer domain name SSL Certs for the cPanel services, especially webmail?

    Thanks in advance,
    Drake @
    Duraserver Tech.
     
    #1 Drake, Jul 19, 2011
    Last edited: Jul 20, 2011
  2. Drake

    Drake Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Maybe we have self answered this issue by trying some different combinations of things.

    I posted back our own answer to our own question so maybe it can help some other folks.

    So far, it seems that the good-customer can actually access webmail via https: (and) still maintain his own domain name's url in the address bar throughout the entire webmail session (and) have this connection served up with "his own" website SSL certificate. This includes using the webmail subdomain.

    A few conditions needed to be met:

    >> In WHM's Redirects, it must be set to "the original domain name"
    >> They must browse to https:// webmail.good-customer.com
    >> Good-customer must have his SSL certificate issued to include the "webmail" subdomain as well as his www. and plain second-level http: domain name.

    Now we will need to check if this solution works on some of the other servers & customers; and keeps working as cPanel versions become updated.

    This method also seems to also hold true for accessing his cpanel, maintaining his own domain url, his own SSL certificate, and no mismatch error. However, once again, his SSL certificate must also include the subdomain "cpanel" when issued.

    Certainly the customer could purchase a * wildcard SSL certificate for *.good-customer.com/* but if the customer doesn't want to pay for a wildcard SSL certificate, some SSL certificate distributors will offer a "multi" subdomain certificate that is limited to a certain number of subdomains, which is cheaper than a *wildcard that is unlimited. Almost like a "limited wildcard" certificate, if that description is fitting.

    If I am incorrect with my findings, anyone please smack me for it in a reply.

    Drake @
    Duraserver Dech.
     
Loading...

Share This Page