
Secure webmail with SSL certificate

Cruiser1

New Pleskian
Hello everybody,
I want to secure the webmail access (webmail.mydomain.com) with an SSL certificate. In this case, a self signed certificate should be enough because the users using the webmail will trust it.

Latest Plesk 12 and Windows Server 2012 R2, MailEnable WebMail as shipped with Plesk. Horde Webmail.

How would I set this up? I found no setting to enable SSL for the webmail subdomain. And I can not add it as subdomain and assign the self-signed certificate on it (Plesk panel does not allow webmail.mydomain.com as subdomain as it is already in use).

I found these links but they did not really answer my question as the information is mostly outdated (Windows 2000):
https://www.mailenablecorp.com/kb/Content/Article.asp?ID=me020281
http://forum.mailenable.com/viewtopic.php?f=7&t=16635&start=0
http://blogs.iis.net/thomad/archive/2008/01/25/ssl-certificates-on-sites-with-host-headers.aspx

There is a KB article for Linux here but none for Windows:
http://kb.odin.com/en/123648

Thanks for any support!
 
So at the moment there is no possibility to access webmail with SSL? Seriously? This is a huge security issue!

In the mentioned - and signed - idea, the guy says that it's possible to secure webmail using a wildcard certificate. Can anybody confirm this? How would I set this up and what kind of certificate would I need?
 
I agree, it is a real problem. And we are working on it. We will fix it in one of the nearest Plesk versions.
 
Thank you Igor, that's good news!

I know these questions are annoying but I still have to ask - when can we expect this feature? Is the nearest Plesk version something like 12 #30 in a few weeks or are we talking about 13.X in a year?
I just want to find out if I should wait a few weeks or if I need to get some other solution if it takes more time... a rough estimate would be great.
 
Sorry, but I don't have any ETA.
You can at least check for changes in the status of the requested feature on Plesk UserVoice.
 
Also I think that you can try to setup SSL on ME webmail with ME instructions.
 
Also I think that you can try to setup SSL on ME webmail with ME instructions.

The newest information there is for Windows 2000 :(
I tried to follow the linked tutorial in my first post but it appears that Plesk does not like that at all.
 
Investigated further and it seems that the MailEnable version that is shipped with Plesk is standard and standard does not support SSL from MailEnable. So I need to wait for a Plesk based solution on this one...
 
Investigated further and it seems that the MailEnable version that is shipped with Plesk is standard and standard does not support SSL from MailEnable. So I need to wait for a Plesk based solution on this one...
But you can upgrade ME to Pro or Enterprise editions.
 
Would Stunnel be an option? It was used in Plesk Panel 8.X series but has been removed in the meanwhile. Did somebody secure his IMAP/POP/SMTP/Webmail with stunnel on Windows Server 2012 R2 with PP 12.X yet?
 
@Cruiser1, the SSL feature is about SMTP security, not webmail. The SSL feature that the Standard version does not support is only for creating a secure connection between the mail server and the client application. When using webmail, you should secure your webmail site from IIS. I just tried that and it works :)
 
Hello iltera,
I know that these are separate features. But there is no point in having secure SMTP if webmail is not SSL protected.

Can you tell me step by step how you secured your webmail site from IIS?

Thanks and best regards
 
Thank you. I know wildcards are working (see my posted links) but the domain itself has no SSL certificate. I'd like to use self signed certificates for the webmail only.
 
Hmmm... What server are you using? If it's a Win2012 R2 box, then you have the "SNI (Server Name Indication)" option. That lets you use multiple SSL certificates (publicly signed or self-signed, doesn't matter) on the same IP address. All you have to do is add a binding to your "MailEnable WebMail" site (in IIS) using the "Edit Bindings" option. You choose https, the port is automatically configured as 443, and you choose the cert you wanna use with that site and check the "Require Server Name Indication" option before clicking OK.

That is, assuming you don't have a lot of IP addresses on your server and at least a couple of these IPs are used with some SSL certs.

If you're using an older version of Windows Server (including 2012), you have to spare an IP address in order to use SSL on a site. And if there are multiple sites on the same IP address, you will have to provide a base address for all your users to make the best of that secure connection to your webmail. I would use a domain that defines your company, register a publicly signed SSL just for "webmail.*" subdomain. That would do the job, fine.

Hope that's clarifying for you. Good luck!


EDIT: If you are asking how to create a self-signed certificate, you can find a lot of useful information by just searching on Google.
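
The binding steps described in the post above, scripted in PowerShell. This is an added example, not code from any poster in this thread; it assumes the IIS site is named "MailEnable WebMail" as quoted in the post, uses the placeholder host name webmail.mydomain.com from the question, and must run in an elevated session on the server.

```powershell
# Added example: HTTPS binding with SNI for the webmail site (Windows Server 2012 R2 / IIS 8.5).
Import-Module WebAdministration

$siteName = 'MailEnable WebMail'     # IIS site name as quoted in the post
$hostName = 'webmail.mydomain.com'   # placeholder host name from the question

if (-not (Test-Path "IIS:\Sites\$siteName")) {
    throw "IIS site '$siteName' not found; check the name in IIS Manager."
}

# 1. Create a self-signed certificate for the webmail host in the machine store.
$cert = New-SelfSignedCertificate -DnsName $hostName `
            -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. Add an https binding on port 443 for this host name only.
#    SslFlags 1 is the "Require Server Name Indication" checkbox.
$binding = Get-WebBinding -Name $siteName -Protocol 'https' -Port 443 -HostHeader $hostName
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol 'https' -Port 443 `
        -IPAddress '*' -HostHeader $hostName -SslFlags 1
    $binding = Get-WebBinding -Name $siteName -Protocol 'https' -Port 443 -HostHeader $hostName
}

# 3. Attach the certificate to the binding (store name 'My' = Personal).
#    This fails if the binding already has a certificate; remove the old one first.
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 4. Verify: the site should list the https binding with sslFlags = 1,
#    and HTTP.sys should show the certificate hash for host name and port.
Get-WebBinding -Name $siteName -Protocol 'https' |
    Format-Table protocol, bindingInformation, sslFlags -AutoSize
netsh http show sslcert "hostnameport=${hostName}:443"

# 5. Export the public certificate (no private key) so webmail users can
#    import it as trusted instead of clicking through browser warnings.
$cerPath = Join-Path $env:TEMP "$hostName.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Write-Output "Public certificate written to $cerPath"
```

The existing http binding on port 80 is left untouched, so plain-HTTP access to webmail keeps working until it is redirected or removed separately.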
 
Thanks, that worked for https for webmail.
Sadly there is still no proper protection for the mail itself with the standard mailserver :(
 
We have configured SSL for webmail using IIS for one of our clients. You can try to add it manually. In IIS >> Server Certificates you can add it. Depending on the OS, options can change.
 