Facebook
Twitter
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
Mail SSL
- Thread starter CJZ
- Start date
have a look here: http://kb.parallels.com/en/1062
Note the following though:
It seems to me that this is requested quite often, so it would be nice to see a way to select one of the SSL certificates already installed for http via the GUI and have it applied to imap, smtp and pop3. We'll have to add it as a feature request.
Note the following though:
It seems to me that this is requested quite often, so it would be nice to see a way to select one of the SSL certificates already installed for http via the GUI and have it applied to imap, smtp and pop3. We'll have to add it as a feature request.
Last edited:
JustinGivens
Basic Pleskian
Let say I set the new SSL cert (following KB 1062) to my maindomain.tld but then all my clients will get an error because it doesn't match their domain.... Agggg
So how can I get my clients from getting a Certificate error when connecting to mail.clientdomain.tld while using IMAP-SSL?
Outlook 2007 and Outlook 2010 won't connect to the IMAP server without using SSL!¿!¿
Well, it is all a metter of how you sell it to them.
Basically, you can just tell them to set their IMAP server address to mydomain.tld. From their point of view, it is just a setting, like anything else. They know their hosting account is with you, so there should be no problem with them using that domain.
You could, of course, register a special domain (e.g. generic-imap-server.com) and purchase and install a certificate for that if you wanted to be more generic and hide your company name. Again it is just a setting.
Are you absolutely sure about Outlook? We've never, ever bothered with a certificate for email (we've been hosting using Plesk for a good 10 years now), and we have a lot of customers using IMAP and nobody has every contacted us about certificate errors ** so far
**.
*** Test with a self-signed certificate before you purchase a real one, just to make sure everything works in the way you (and I) expect ***
Faris.
Basically, you can just tell them to set their IMAP server address to mydomain.tld. From their point of view, it is just a setting, like anything else. They know their hosting account is with you, so there should be no problem with them using that domain.
You could, of course, register a special domain (e.g. generic-imap-server.com) and purchase and install a certificate for that if you wanted to be more generic and hide your company name. Again it is just a setting.
Are you absolutely sure about Outlook? We've never, ever bothered with a certificate for email (we've been hosting using Plesk for a good 10 years now), and we have a lot of customers using IMAP and nobody has every contacted us about certificate errors ** so far
**.*** Test with a self-signed certificate before you purchase a real one, just to make sure everything works in the way you (and I) expect ***
Faris.
mconstable
New Pleskian
It is possible to get courier-imap to provide a different SSL certificate per domain. On Debian 6 it would be something like this assuming you have the original key and crt (figuring out which ones in /usr/local/psa/var/certificates/ is another story)...
where xx.xx.xx.xx is the dedicated IP associated with yourdomain.com. You can check that the right certificate is being presented by using...
It may even be possible to use SSL per domain with postfix using something like this in /etc/postfix/master.cf but I haven't got this to work yet, might need a later version of postfix perhaps (all on one line and Plesk may overwrite it)...
Note the -o smtp_helo_name=yourdomain.com, this actually works on outgoing mail and should be provided by Plesk because I have no idea how SPF hardfail can be used without that extra setting for virtual domains on virtual IPs otherwise the default $myhostname from /etc/postfix/main.cf will be presented.
If anyone has got this to work with postfix or has any suggestions then please post!
where xx.xx.xx.xx is the dedicated IP associated with yourdomain.com. You can check that the right certificate is being presented by using...
It may even be possible to use SSL per domain with postfix using something like this in /etc/postfix/master.cf but I haven't got this to work yet, might need a later version of postfix perhaps (all on one line and Plesk may overwrite it)...
Note the -o smtp_helo_name=yourdomain.com, this actually works on outgoing mail and should be provided by Plesk because I have no idea how SPF hardfail can be used without that extra setting for virtual domains on virtual IPs otherwise the default $myhostname from /etc/postfix/main.cf will be presented.
If anyone has got this to work with postfix or has any suggestions then please post!
zconsulting
Basic Pleskian
@mconstable:
have you figured out how to get Postfix to use a different certificate for each IP?
Thank you!
have you figured out how to get Postfix to use a different certificate for each IP?
Thank you!
mconstable
New Pleskian
@zconsulting: I gave up on Plesk long ago so no I never got a chance to test this for real but the above snippet includes -o smtp_bind_address=xx.xx.xx.xx so I presume that with the other settings would deliver a unique certificate per IP. HTH.
zconsulting
Basic Pleskian
ok, i figured it out (thanks in large part to mconstable, and to this site).
Here is how you bind a different security certificate to each IP.
for POP/IMAP, all you have to do, as mconstable said, is add the certificates in the following format (where xx.xx.xx.xx is the IP address):
Now, for postfix, here is what i did:
Again, using Plesk 11.5 on Centos 6, the end of the master.conf file (found in /etc/postfix/ directory) was as follows:
This is most likely because i purchased the last 3 IPs after initial setup of the server.
First, you need to create the certificate files; i just used the original .pem format. This means that is you have a .key file and a .cer file, you need to concat them into a .pem file, placing the key first. Then you place them in the /etc/postfix/ directory -- you can also create a new directory for your certificates, for example: /etc/postfix/ssl/
Now, here is what it should look like to get a unique certificate on each IP.
Here is how you bind a different security certificate to each IP.
for POP/IMAP, all you have to do, as mconstable said, is add the certificates in the following format (where xx.xx.xx.xx is the IP address):
Note: for me, using Plesk 11.5 on Centos 6, the above path is simply /usr/share/ (not /usr/share/courier-imap/)
Now, for postfix, here is what i did:
Again, using Plesk 11.5 on Centos 6, the end of the master.conf file (found in /etc/postfix/ directory) was as follows:
This is most likely because i purchased the last 3 IPs after initial setup of the server.
First, you need to create the certificate files; i just used the original .pem format. This means that is you have a .key file and a .cer file, you need to concat them into a .pem file, placing the key first. Then you place them in the /etc/postfix/ directory -- you can also create a new directory for your certificates, for example: /etc/postfix/ssl/
Now, here is what it should look like to get a unique certificate on each IP.
Last edited:
zconsulting,
Do you have any suggestions on what the Postfix configuration file would look like in Plesk 12? I successfully bound each IP to a separate SSL certificate in Dovecot (for IMAP/POP3), but cannot seem to adopt your suggestions above for a Plesk 12 Postfix configuration file.
Hoping you have some suggestions.
Thanks
Do you have any suggestions on what the Postfix configuration file would look like in Plesk 12? I successfully bound each IP to a separate SSL certificate in Dovecot (for IMAP/POP3), but cannot seem to adopt your suggestions above for a Plesk 12 Postfix configuration file.
Hoping you have some suggestions.
Thanks
Similar threads
