
Wrong SSL certificate returned on SMTP TLS connections

Discussion in 'Security' started by Webdew, Jun 12, 2017.

  1. Webdew

    I have an issue where it appears that, when making a secure connection to a cPanel server for SMTP, the wrong SSL cert is returned, stopping the mail client from sending. Incoming is OK.

    Setup.

    I have a WHM server as hosting.domain.com
    I have a client with cPanel on clientdomain.com
    I have AutoSSL enabled for both domains via Let's Encrypt.

    I have tried with both Outlook 2010 and Outlook 2007 (different machines and connections, but the same OS, Windows 10) and have the same issue.

    Connection type IMAP or POP3 - both tested (same outgoing port 465).

    When I use a browser and try connecting to a secure URL (obviously port 443 though) the returned certificates are trusted. For example:
    https://cpanel.clientdomain.com
    https://mail.clientdomain.com
    https://www.clientdomain.com

    When the client brought up the issue I noticed his Outlook 2007 on opening kept asking for the cert to be accepted as the name did not match even though it was configured to use mail.clientdomain.com. Accepting the cert allowed mail in, but sending timed out.

    I ended up troubleshooting this down to the Subject Alternative Name on the certificate being returned with cpanel.clientdomain.com listed first - and an MS document advises that Outlook 2007 will not check the other SAN entries beyond the first, throwing that old client a red flag about the validity of the returned certificate. I then set the incoming and outgoing mail servers in the client to cpanel.clientdomain.com and received no further warning on first opening Outlook. However, I still can't send mail.

    Incoming 995, Outgoing 465 as advised by the cPanel settings.

    Incoming is fine.
    Outgoing then hangs and times out with 'no response from the server'

    However, when setting up an account on another PC using Outlook 2010, I received a certificate error on the SMTP connection. In this case it is advising that the returned certificate is in fact from hosting.domain.com (the WHM server name) and not the client (clientdomain.com) certificate at all. So a valid warning, and at this point I'm assuming Outlook 2007 hits the same error but is not advising of it and just timing out.

    This doesn't seem right and I suspect I have a misconfiguration somewhere on the WHM server though how it only affects the outgoing connection and not the incoming has me at a loss.

    Other points.
    • This client started having this issue a few weeks ago (was fine before then).
    • They haven't changed ISP or connections - but I have effectively tested the issue from 3 devices over 4 different network connections - so I don't think it's routing.
    • Last week I migrated his account from one cPanel server to another, thinking that this may help in some way (i.e. if it is a routing issue, or by forcing the certs to be recreated). I have also deleted and re-requested the Let's Encrypt certs a few times on the new server to see if that helps.
    • Oddly I'm not aware of any other users/domains on that server having any issues at all. Though this is my new server and it has very low utilisation right now. However his issue began on another server altogether that is heavily used.
    • This client though has 2 domains on separate accounts, on this server, that both have the same problem.
    • Since the client's ISP blocks port 25, and his device is a laptop that he is mobile with, I can't rely on 25 being available, so I have to, and prefer to, use a secure connection. Outlook 2010 advises that SSL is not supported on the new cPanel server - so I'm only trying the TLS connection type.
    Any assistance or direction appreciated.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    When configuring the mail server name for outgoing connections in Outlook for the affected user, do you experience the same issue if you use the server's hostname as the mail server name?

    Thank you.
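
An added example (not part of the original thread and not cPanel code) for checking the two symptoms described above: it compares a certificate's SAN list with the hostname the mail client is configured to use, and separates "certificate is for a different name" from "name matches, but is not the first SAN entry", the Outlook 2007 behaviour the first post reports. The sample certificates are constructed from the placeholder hostnames in the thread; `fetch_cert` and `diagnose` are hypothetical helper names, and the chain is assumed to validate against the system trust store.

```python
import socket
import ssl

def fetch_cert(host, port=465, timeout=10):
    """Read the certificate an implicit-TLS service (e.g. SMTPS) presents for `host`."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared below
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # sends SNI = host
            return tls.getpeercert()

def san_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or one leftmost '*' label, in the style of RFC 6125."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, configured_host):
    """Classify how `cert` relates to the hostname set in the mail client."""
    names = san_dns_names(cert)
    if not names:
        return "no-san"
    if not any(name_matches(n, configured_host) for n in names):
        return "wrong-certificate"    # e.g. the server's own hostname cert
    if not name_matches(names[0], configured_host):
        return "match-not-first-san"  # trips a client that reads only SAN[0]
    return "ok"

# Constructed samples mirroring the thread's placeholder names.
SAMPLE_CLIENT_CERT = {"subjectAltName": (("DNS", "cpanel.clientdomain.com"),
                                         ("DNS", "mail.clientdomain.com"),
                                         ("DNS", "www.clientdomain.com"))}
SAMPLE_HOST_CERT = {"subjectAltName": (("DNS", "hosting.domain.com"),)}

if __name__ == "__main__":
    for label, cert in (("client", SAMPLE_CLIENT_CERT), ("host", SAMPLE_HOST_CERT)):
        for host in ("mail.clientdomain.com", "hosting.domain.com"):
            print(f"{label} cert vs {host}: {diagnose(cert, host)}")
    # Against a live server: diagnose(fetch_cert("mail.example.test"), "mail.example.test")
```

Running `fetch_cert` against ports 465 and 995 with the same hostname shows whether the outgoing and incoming services present different certificates.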
     