
Using TLS with cPanel 11

Discussion in 'E-mail Discussions' started by jerrek71, Jan 16, 2008.

  1. jerrek71

    jerrek71 Active Member

    Joined:
    Jul 27, 2006
    Messages:
    42
    Likes Received:
    1
    Trophy Points:
    6
    I've struggled this morning to get my exim MTA to accept TLS connections. Given that Outlook (which I'm sad to say is my e-mail client) gives some of the most unhelpful error messages known to mankind, I had to go digging at the SMTP level to see what was going on.

    Firstly, exim was not advertising the STARTTLS command to my client - despite the fact that the exim.conf had tls_advertise_hosts = * in it. I can only assume it was in the wrong place, because when I added it again myself using the exim configuration editor and put it in the top input box, the STARTTLS was advertised for me.

    Secondly, once I had done that, I tried sending again, and got a different, cryptic error from Outlook. This time when I used SMTP to try to start tls, it told me '454 TLS currently unavailable'. So I was puzzled...

    Checking exim_mainlog revealed that exim did not have permissions to read the key file. Useful since this was all set up automatically by cPanel! I tried playing around with the permissions after following the 2 levels of symlinks to get there. No amount of changing permissions seemed to work so I surmised that perhaps exim is refusing to read them because they're symlinks and not real files.

    So I copied the .crt and the .key file from /usr/share/ssl/certs and /usr/share/ssl/private respectively and restarted exim.

    Now I can successfully send using TLS.

    My only concern is that when my certificates expire I now need to remember to manually copy them across to /etc/exim.crt and /etc/exim.key (but hopefully when I'm searching I will come across this thread of mine and I'll remember - hee hee)

    But anyway, hopefully this thread also helps someone else who's struggling with TLS to sort it out quickly. And maybe cPanel can have a look at why it didn't work in the first place ;-)
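
Added example (not part of the original post, and not cPanel or exim code): a shell check for the symptom described above, where the key behind /etc/exim.key sits at the end of a symlink chain and the MTA cannot read it. It resolves the chain and tests the real file and every parent directory against a given uid/gid. The function names are hypothetical, `exim_user` in the usage comment is a placeholder for the account exim runs as, and only classic owner/group/other mode bits are considered (no ACLs, SELinux or supplementary groups).

```shell
#!/bin/sh
# Added example: find which component of a resolved key path denies the MTA user.
# Symlink modes are ignored by the kernel; what matters is read permission on
# the real file and search (x) permission on each real parent directory.

# mode_allows PATH UID GID PERM   (PERM is r or x); 0 = allowed, 1 = denied
mode_allows() {
    [ "$2" = 0 ] && return 0                      # root bypasses mode bits
    set -- "$2" "$3" "$4" $(ls -ldn -- "$1" | awk '{print $1, $3, $4}')
    # now: $1=uid $2=gid $3=perm $4=mode string $5=owner uid $6=owner gid
    [ -n "$6" ] || return 2                       # path could not be listed
    if   [ "$1" = "$5" ]; then triad=$(printf %s "$4" | cut -c2-4)
    elif [ "$2" = "$6" ]; then triad=$(printf %s "$4" | cut -c5-7)
    else                       triad=$(printf %s "$4" | cut -c8-10)
    fi
    triad=$(printf %s "$triad" | tr 'st' 'xx')    # s/t mean x is set as well
    case "$triad" in *"$3"*) return 0 ;; *) return 1 ;; esac
}

# list_blockers FILE UID GID: print every component of the resolved path that
# denies UID/GID, deepest first. Returns 0 when nothing blocks, 1 otherwise.
list_blockers() {
    real=$(readlink -f -- "$1") || return 2       # follow every symlink hop
    rc=0
    mode_allows "$real" "$2" "$3" r || { echo "$real: not readable"; rc=1; }
    dir=$(dirname -- "$real")
    while :; do
        mode_allows "$dir" "$2" "$3" x || { echo "$dir: not searchable"; rc=1; }
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
    return $rc
}

# Usage (exim_user is a placeholder):
#   list_blockers /etc/exim.key "$(id -u exim_user)" "$(id -g exim_user)"
```

A "not searchable" line for a private key directory means changing the mode of the key file alone will not help; the directory has to be traversable by the MTA user, or the key has to live somewhere that is.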
     
  2. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    I used the built-in "Manage Service SSL Certificates" feature in WHM to accomplish the same thing. Or am I trying to simplify this?

    - Scott
     
  3. jerrek71

    jerrek71 Active Member

    Hmmm, it's possible that would have done the same thing... My exim.crt and exim.key were symlinked to the web server's key and cert... But, having said that, I wonder if that's a hangover from cPanel 10 then - I don't remember the Manage Service SSL Certificates being available in CP10?

    I'm glad I posted now though, cos at least in future I'll know how to do it properly! :D

    Having said that, I don't think the Manage SSL Certificates would have fixed the strangeism with the exim.conf?
     
    #3 jerrek71, Jan 16, 2008
    Last edited: Jan 16, 2008
  4. sneader

    sneader Well-Known Member

    Definitely was goofy in cPanel 10, made much easier in cPanel 11. Not sure if it would have helped or not, but I would have started there. :)

    - Scott
     
  5. jerrek71

    jerrek71 Active Member

    I think half my troubles have been because I've upgraded from cPanel 10 :)

    Though to be honest, now that I've done it, I'm SO glad I did. Web pages in particular load SO much quicker with Apache 2 - and the Tomcat integration with easyapache3 was well worth the upgrade pain on its own.

    I might slight cPanel on occasions (usually after a long day trying to upgrade - lol) but I have to say, in general it is extremely good, and significantly (I can't stress that enough!) more stable than the other couple of control panels I've in the past used.
     
  6. sneader

    sneader Well-Known Member

    I had Tomcat working on cPanel 10, and it died during the conversion to cPanel 11, and I still can't get it going. I have an open ticket with cPanel on that project. Glad you made out better. :)

    - Scott
     
  7. jerrek71

    jerrek71 Active Member

    Ah, that'd be because I wasn't using Tomcat on cPanel 10 - so it didn't have anything to upgrade there!!

    I used mod_proxy and JBoss under cPanel 10 (mostly because I was doing some EJB work at the time and needed a full on app server - having discovered Spring and Hibernate I can now use Tomcat without the need for a full app server).

    Drop me a PM if I can be of any help with TC.
     