Wildcard SSL certificate not working for email

Discussion in 'E-mail Discussions' started by cyberchimps, May 29, 2012.

  1. cyberchimps

    cyberchimps Member

    I purchased a wildcard SSL certificate for one of the domains on our server thinking it would also cover the mail.domain.com as well. That account is running on a dedicated static IP and our server is using a shared IP. After getting that SSL cert installed for that domain I discovered that the mail server is still using the shared IP of the server so my presumptions were obviously false.

    I did some searching around and found out that you can install certs for individual services (IMAP, POP, SMTP, FTP), but that just raised more questions than answers for me.

    Seeing as the server is using a shared IP can I still install certificates for these services so our mail server won't generate a warning? I was under the impression that SSL certs require a non-shared IP. Also, would I have to use unique certificates for each service (POP, IMAP, etc)?

    Furthermore, accessing domain.com:2083 for cPanel is also throwing warnings saying the cert cannot be verified.

    Any help/documentation you could refer me to would be very helpful, thank you.
     
    #1 cyberchimps, May 29, 2012
    Last edited: May 29, 2012
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    The non-Apache services using SSL certificates are handled in the WHM > Manage Service SSL Certificates area. This includes cPanel/WHM/Webmail, FTP, Dovecot / Courier, and Exim. If the certificate is not for the main hostname of the machine or a wildcard off the main domain which has the hostname, then you would not want to install it there for that domain. Of note, only one SSL can be installed for each of these non-Apache services at this current time.
     
  3. cyberchimps

    cyberchimps Member

    Thank you for the response, this is starting to make sense for me now. Perhaps if I explain the exact setup I have going on here you can help point me in the right direction.

    The server's hostname is centos and the main IP we'll call IP1. IP1 has a couple of cPanel accounts using it in addition to being the access point to WHM/cPanel. IP2 is a second dedicated static IP we got from Rackspace (our hosting company) to use for the main website we run on this server. This is the domain I got the wildcard SSL cert for, thinking it would cover mail.domain.com.

    Our hosts file is as follows (I keep changing it but the second line keeps getting overridden by some service so perhaps this file isn't set up properly either).

    127.0.0.1 localhost localhost.localdomain
    # IP2 centos centos
    IP1 centos centos

    So to summarize the IP usage:

    IP1 shared server IP, used to access cPanel/WHM and hosts two cPanel accounts
    IP2 dedicated static IP used for the cpanel account that hosts our company website, has wildcard SSL cert installed.

    Now that I've explained the setup, how can I go about getting these non-Apache services using SSL certificates? How can I get an SSL certificate for IP1 seeing as it's currently being shared? One of the cPanel accounts using the shared IP can be deleted but we need the other one, and now I can't move it to IP2 because of the SSL cert being used for the domain on that cPanel account.

    Do I essentially need a third IP to use for everything else so the server's primary IP can be free to use for SSL or is there a way around this?

    Also, if I can get an SSL cert for IP1 can that cert be used for all services? Does that have to be a wildcard cert as well?

    Thank you very much for your help.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    The non-Apache service SSLs in WHM > Manage Service SSL Certificates use the shared IP of the machine and that machine's hostname. You do not need a dedicated IP for it and, in fact, it won't use a dedicated IP. These services would normally be using the hostname SSL. You'd install an SSL for the hostname there, which, if the wildcard also covered the hostname (centos.yourmaindomain.com), could be used.
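
Added example (not part of the original thread and not cPanel's code): a check modelled on the hostname matching that TLS clients apply, showing which names a wildcard entry such as *.domain.com covers for the services discussed above. The names, including centos.domain.com as the server's fully qualified hostname, are constructed placeholders, and rejecting wildcards with fewer than two fixed labels is a conservative assumption of this example.

```python
# Added example. All names below are constructed placeholders.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one certificate DNS name entry covers hostname.

    '*' is honoured only as the complete left-most label and stands for
    exactly one label, so it never spans dots and never matches zero labels.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Assumption of this example: require two fixed labels (no '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covered(cert_names, hostname):
    return any(san_matches(n, hostname) for n in cert_names)

def audit(cert_names, client_names):
    """Map each name a client connects to -> whether the certificate covers it."""
    return {use: covered(cert_names, host) for use, host in client_names.items()}

# Constructed sample: a certificate carrying only the wildcard entry.
WILDCARD_CERT = ["*.domain.com"]

# Hypothetical names a mail client or browser might be configured with.
CLIENT_NAMES = {
    "mail client -> mail.domain.com": "mail.domain.com",
    "service SSL via hostname FQDN": "centos.domain.com",
    "short hostname from /etc/hosts": "centos",
    "bare domain, e.g. domain.com:2083": "domain.com",
    "nested subdomain": "imap.mail.domain.com",
}

if __name__ == "__main__":
    for use, ok in audit(WILDCARD_CERT, CLIENT_NAMES).items():
        print(f"{'covered' if ok else 'NOT covered':<12} {use}")
```

Name coverage is only one of the client's checks: the service also has to be presenting this certificate, which for the non-Apache services means installing it under Manage Service SSL Certificates as described in the replies.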
     