SSL and Self Certificate advice

fullfatdesigns

• September 15, 2015 10:14

Hi I'm after a bit of advice for our dedicated server (running CENTOS 6.7 WHM 11.50.0) and SSL / Self signed. I've currently got self-signed certificates, but run into expired messages when either logging into WHM or when trying to setup smtp mailservers with SSL. The self-signed don't expire until 2016. So, are self-signed not enough for trying to use SSL authentication on a mailserver? Or am I doing something wrong? Plus, should I look at getting a proper SSL Certificate for the actual server? and if so, should I get it for the domain that the nameservers use Any help/advice would be greatly received to help me get my head around this. Thanks Wayne

• 

  cPanelMichael

  • September 15, 2015 15:38

  I've currently got self-signed certificates, but run into expired messages when either logging into WHM or when trying to setup smtp mailservers with SSL.

  
  Hello :) Could you let us know the specific messages that you see or attach an image of the message? You should not receive expired notifications if the certificates are not scheduled to expire until 2016. Thank you.

  0
• 

  fullfatdesigns

  • September 15, 2015 16:58

  Hi Michael Thank you for your reply. I've attached two screenshots when logging into WHM and sending an email. Looking at the error messages, it doesn't say expired, like I though it did, but invalid instead. 30891 30901

  0
• 

  cPanelMichael

  • September 15, 2015 17:53

  Those messages are normal when using self-signed certificates. You can purchase a commercial trusted SSL certificate for the server's hostname and install it via: "WHM >> Service Configuration >> Manage Service SSL Certificates" Then, simply ensure your customers utilize the SSL certificate name when accessing those services. Thank you.

  0
• 

  fullfatdesigns

  • September 16, 2015 08:14

  Thanks for your help Michael. To confirm, if I buy a commercial SSL for the domain name I use for the nameservers... is this correct to be able to do what you mention above. Edit: Plus if existing customers currently have email set with us, will making the domain SSL cause any issues? Thanks Wayne

  0
• 

  cPanelMichael

  • September 16, 2015 13:26

  You should actually purchase it for the hostname of the server, as that's what most users will connect to. It won't result in any issues, but you may need to have your customers update the mail server name in their email clients if they want to utilize a signed certificate in cases where they don't have their own SSL certificate. Thank you.

  0
• 

  fullfatdesigns

  • September 17, 2015 09:33

  Hi Michael Thank you for your help so far. I've purchased a commercial SSL through WHM and used my hostname or the server which was serverXX-XX-XX-XX.live-servers.net which is a combination of our server name made from our IP (X'ed out) and the live-servers.net which is assigned to us by fasthosts who we have the server with. It went through, but the company have emailed me to say they need to verify the SSL to the domain... which we don't own (as fasthosts do)... have I done this in-correctly? They have said I can upload a cert.html file with details in to the root of the server as an alternative. But I'm not sure how I get to the root of the entire server? If you have any advice on this, it would be greatly received. Thanks Wayne

  0
• 

  cPanelMichael

  • September 17, 2015 15:18

  Have you considered using a domain name you own as the hostname of the server? Typically, most companies will use some variation of "hostname.myserver.com". This is the name that customers will see when accessing the certificate. Thank you.

  0

Please sign in to leave a comment.