Facebook
Twitter
bradz
Regular Pleskian
Related Posts:
talk.plesk.com post-8525
support.plesk.com article 115004756974
iOS/MacOS can be set up to use mail and cert trusted in a shared IP hosting environment. However after cert is renewed after 3 months for better security, iOS/MacOS mail stops workings and puts up warnings message about cert every 5 seconds with no way to trust cert. To stop the warning popups, one must either, turn off mail account, disable SSL, or delete account / re-setup (Repeat in 3 months).
As a Mac user, I was able to escalate this to an engineer level who stated this was by design.
Is this approach valid and supported for security concerns?
MY POINT OF VIEW:
With the device using a valid DNS server, iOS/MacOS is able to lookup
- Client Domain Name, Shared IP & Primary Domain Name
- SSL Cert associated with Share IP/Primary Domain Name
- SSL Cert associated with Client Domain Name
I feel the device should make a better analysis, give the user more details and allow the user to trust or let the device trust by default.
I also feel that security is a gradient vs on/off. The user should be aware of this and decide needed level based on usage.
I do not see why a Cert Renewal should disable the Mail.
As a Plesk Admin/Email Provider, I keep getting support calls from other iOS/MacOS users.
Your thoughts Please! What am I missing? Am I wrong and why?
Thanks,
Brad
talk.plesk.com post-8525
support.plesk.com article 115004756974
iOS/MacOS can be set up to use mail and cert trusted in a shared IP hosting environment. However after cert is renewed after 3 months for better security, iOS/MacOS mail stops workings and puts up warnings message about cert every 5 seconds with no way to trust cert. To stop the warning popups, one must either, turn off mail account, disable SSL, or delete account / re-setup (Repeat in 3 months).
As a Mac user, I was able to escalate this to an engineer level who stated this was by design.
Is this approach valid and supported for security concerns?
MY POINT OF VIEW:
With the device using a valid DNS server, iOS/MacOS is able to lookup
- Client Domain Name, Shared IP & Primary Domain Name
- SSL Cert associated with Share IP/Primary Domain Name
- SSL Cert associated with Client Domain Name
I feel the device should make a better analysis, give the user more details and allow the user to trust or let the device trust by default.
I also feel that security is a gradient vs on/off. The user should be aware of this and decide needed level based on usage.
I do not see why a Cert Renewal should disable the Mail.
As a Plesk Admin/Email Provider, I keep getting support calls from other iOS/MacOS users.
Your thoughts Please! What am I missing? Am I wrong and why?
Thanks,
Brad
