• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

secure webmail using wildcard SSL certificate

M

mpecon

New Pleskian
After doing many searches I have been unable to work out how to get horde to work with a wildcard SSL on plesk 11.5.

The wildcard SSL certificate works for the domain and subdomains but webmail seems to want to use the self signed certificate provided by the machine.

The "webmail.domain.com" is an alias and not a subdomain.

There are similar threads but are all for much older version of plesk.

Many thanks
 
Last edited:
I edited..

Apache
/etc/apache2/plesk.conf.d/horde.conf

SSLCertificateFile "/etc/ssl/wildcard.pem"
SSLCertificateCAFile "/etc/ssl/wildcard.pem"
Click to expand...

NGINX
/etc/nginx/plesk.conf.d/webmail.conf

ssl_certificate /etc/ssl/wildcard.pem;
ssl_certificate_key /etc/ssl/wildcard.pem;
Click to expand...

But you have to update the templates to.

/opt/psa/admin/conf/templates/horde.php
/opt/psa/admin/conf/templates/nginxWebmailPartial.php

Copy them to

/opt/psa/admin/conf/templates/custom/

Then edit.
Regards

Lloyd
 
Last edited:
Hi Lloyd,

Many thanks indeed!

The line SSLCertificateCAFile caused errors, so I left it out of /etc/apache2/plesk.conf.d/horde.conf

I have one ip address with multiple domains and I have one wildcard SSL for one of the domains.

Am I correct in guess that if I wanted another wildcard SSL for one of the other domains that this would not work?

Once again, many thanks for your prompt solution.

Regards,

Michael
 
Last edited:
Yeah that's right, you can only use one domain as far as I can tell.

With regards to the SSLCertificateCAFile, it should have been..

SSLCertificateFile "/etc/ssl/webmail.pem"
SSLCACertificateFile "/etc/ssl/certs/webmail.ca"
Click to expand...

SSLCertificateFile = private key, and certificate
SSLCACertificateFile = intermediate certificate

I found if I didn't have the CA part I got chain issues when testing the domain at..

https://www.ssllabs.com/ssltest/index.html

Hope it helps
Regards

Lloyd
 
Or, you can do it like..

SSLCertificateKeyFile "/etc/ssl/private/webmail.key"
SSLCertificateFile "/etc/ssl/certs/webmail.crt"
SSLCACertificateFile "/etc/ssl/certs/webmail.ca"
Click to expand...

I've just changed mine to this, keep everything separate.
 
You must log in or register to reply here.

Similar threads

Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
2K
Polli
Polli
GreenhouseTech
Question Wildcard SSL cert to be used for all aliases
Replies
5
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
W
Question SSL Cert for Mail-Server
Replies
1
Views
1K
Kaspar
K
W
Question set up a subdomain for an alias domain - SSL certificate
Replies
0
Views
695
W4ru
W
QWeb Ric
Issue Server pool SSL not showing for selection
Replies
0
Views
700
QWeb Ric
QWeb Ric
Back
Top