cPanel / Webmail without nonstandard ports but with SSL

lorio

• October 22, 2013 07:09

Since Cpanel thinks this old thread is outdated: you can get a screen: "Connection Selection ..." If you are not behind a firewall that blocks port 2096 Enter Here Problem is that if the port is blocked you are redirected to the local domain with https. So without the port there is no proxydomain for the hostdomain which would use the wildcard ssl cert. That situation is unchanged for years. What missing is a way to redirect to a account which just provides proxydomains covered by the wildcard cert of the host. Since the same problem is with cpanel webdisk etc. I wonder why nobody seems to have a problem with this. Are customers eager to pay for their own ssl cert but to get told EXIM,Courier,Dovecot are not accessible via your cert. You have to use the host cert. Accessing controlpanel and webmail without special ports is important. SSL a must. If you get your customer to pay for a cert they don't want to use or remember a different domainname as mailserver. The current situation is incoherent in more than one way. Subdomains are not able to use SSL. See feature request

• 

  cPanelMichael

  • October 23, 2013 17:18

  Hello :) I recommend opening a new feature request for the specific configuration that you would like to see allowed. The following feature request may also interest you: SSL Certificate Per Domain for all services Thank you.

  0
• 

  lorio

  • October 24, 2013 11:26

  Michael, seems you're everywhere. Thanks for your effort. I have no problems opening a feature request. We had some threads about relating or similar topics before. Not sure if the wording and explanation of the problem prevented any traction in the userbase or if nobody is needing that featureset. Hope to find enough people here in the forums which care about that problem today. Might help to get a better feature request.

  0
• 

  lorio

  • December 16, 2013 09:14

  For TL;DR: Is there a way to allow a customer/user to access webmail via standard ports via SSL/TLS with only a wildcard cert for the whole server? customerdomain.tld/webmail has the firewalldetection screen but if nonstandard ports are blocked a cert for the account is needed.

  0
• 

  cPanelMichael

  • December 16, 2013 18:19

  [quote="lorio, post: 1530051">For TL;DR: Is there a way to allow a customer/user to access webmail via standard ports via SSL/TLS with only a wildcard cert for the whole server? customerdomain.tld/webmail has the firewalldetection screen but if nonstandard ports are blocked a cert for the account is needed.
  Are you referring to port 2096? If so, that port is accessible with the standard SSL certificate that's installed for the cPanel/WHM/Webmail service in: "WHM Home " Service Configuration " Manage Service SSL Certificates" A wildcard certificate is acceptable, but most users prefer to install it for the hostname of the server to ensure there are no certificate warnings. Thank you.

  0
• 

  lorio

  • December 16, 2013 18:28

  [quote="cPanelMichael, post: 1530741">A wildcard certificate is acceptable, but most users prefer to install it for the hostname of the server to ensure there are no certificate warnings.
  I only want to use the installed wildcard for the hostserver. The problem are the nonstandard ports. With standard port I meant the ports no corporate firewall is blocking. 208X und 209X are mostly blocked. We could say standard is 443 for SSL/TLS . Why isn't it possible to have (you will need an additional signed cert to prevent browser problems) If you are not behind a firewall that blocks port 2096 as an entrypoint ? Perhaps a special account, which can be used for certain functions. Such a location will be also needed to place custom XML files for autodiscover/autoconfig.

  0
• 

  cPanelMichael

  • December 17, 2013 14:28

  You can modify the settings under the "Redirection" tab in "WHM Home " Server Configuration " Tweak Settings". In particular, this option: SSL redirect destination Also, you mentioned the entry point or the URL used to access Webmail. What error message do you receive when accessing it directly through that URL? Thank you.

  0
• 

  lorio

  • December 17, 2013 14:55

  [quote="cPanelMichael, post: 1531472"> SSL redirect destination
  I am familiar with these settings. If you choose "Always redirect users to the SSL/TLS ports and certificate hostname when visiting /cpanel, /webmail, etc." you don't be able to change anything. And that is correct. If you only want to use a wildcard cert for the whole hostserver you don't want to redirect to the customer domains. [quote="cPanelMichael, post: 1531472"> Also, you mentioned the entry point or the URL used to access Webmail. What error message do you receive when accessing it directly through that URL?
  Which entrypoint? Sorry. If you have installed a wildcard on the apache installation (which is not recommended) you will get a redirection to the ports 2096 /2083 when entering (:443). Why not? What are the concerns? Thanks for your time.

  0
• 

  cPanelMichael

  • December 17, 2013 16:15

  The use of port 443 would coincide with the use of the proxy subdomains feature. Proxy subdomains are not designed to work over port 443. Thus, cPanel/WHM/Webmail are accessible over port 80, but not using https. You have already added your input for the existing feature request: [url=http://features.cpanel.net/responses/add-option-to-redirect-webmail-subdomain-to-hostname-instead-of-origin-domain-name]Add option to redirect webmail subdomain to hostname instead of origin domain name | cPanel Feature Requests Thank you.

  0

Please sign in to leave a comment.