Remove Self-Signed SSL?
I'm not sure if this belongs in Email or Security.
I have a server with AutoSSL certs but when I connect to port 993 with Thunderbird the cert being served is the self-signed generic server cert, not the AutoSSL cert. The correct cert shows up on the web domain. How do I replace the TLS/SSL email cert? It feels like I'm overlooking something obvious but I can't find it.
Log in to WHM >> Manage SSL Hosts; there you can see which SSL is being used by your mail server. You can remove the self-signed SSL from there and reapply the SSL again.
Hello @Ian Durey, Can you review the settings in your email client and verify it's set up with "mail.domain.tld"? Also, check to verify "mail.domain.tld" is listed under the "Domains" column for the certificate associated with the domain name in "WHM >> Manage SSL Hosts". Thank you.
Thanks for your reply. I did confirm the email client is connecting to mail.domain.tld and that cert is listed under the Domains section in Manage SSL Hosts and I have removed all self-signed certificates from that area. I noticed in SSL Storage Manager there are still some self-signed certificates listed under User Account SSL Resources but the AutoSSL certificates are listed under Apache's Installed SSL Resources. Maybe Mail/TLS is using the User Account SSL instead of the Apache ones?
Hello, It's possible this is related to the email client storing the older certificate locally. Can you reproduce the issue with a different email client, or see if clearing the existing SSL data in Thunderbird solves the issue? Thank you.
Hi again, Thanks for your help, I figured it out. There was a mismatch between the email address and the certificate. Just in case someone else comes across this:
- server contains two domains: domain1.tld and domain2.tld
- username@domain1.tld is a valid email account on the server but domain1.tld is still hosted on another server (pre-migration)
- domain2.tld is fully hosted on this server and has a valid AutoSSL cert
- domain1.tld only has a self-signed cert
Connecting with the email account username@domain1.tld to the server mail.domain2.tld seems to pull the self-signed cert for domain1.tld instead of the one for mail.domain2.tld. Solution was to delete the account username@domain1.tld and create username@domain2.tld. Seems obvious in hindsight.
Solution was to delete the account username@domain1.tld and create username@domain2.tld. Seems obvious in hindsight.
I'm happy to see you were able to solve the issue. Thank you for updating us with the outcome.