• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Steps to have SSL under mail server?

S

SalvadorS

Regular Pleskian
Hello everybody,

I have a client who needs to have SSL under mail (mail.domain.ext)

The client is under a server and in this server there is only one domain, the domain of my client.

So I want to know if this steps are correct:

1.- Buy a wildcard certificate *.domain.ext
2.- Install the SSL certificate in the domain of the client.
3.- Use this certificate to secure the mail under tool and settings -> SSL/TLS certificates -> Cert to protect the mail

Are these steps correct?

Thank you for helping!
 
Hi Salvador

This might not be as simple as it seems - does your base server hostname also use the domain of your client?

Rob
 
Hi,

Thanks for answering.

I have to Create the server so I can call it server.clientdomain.ext if it is necessary

It is?

Regards!
 
If the entire server is providing email services for just the one client it will make it much easier to setup if the server hostname uses the same domain name as the client.

For our shared hosting servers we purchased a multi-domain certificate that secures both 'serverhostname.ourcompanyname.com' and 'mail.ourcompanyname.com' and added that as the default / main SSL certificate for the whole server, alternatively you could purchase a wildcard *.ourcompanyname.com which will also allow you to secure websites on the same domain.

In Plesk -> Tools & Settings -> Security -> SSL/TLS Certificates there is an option to set 'Certificate for securing mail' where you can choose which certificate Plesk will serve for POP3 / IMAP etc.

Would have a look the following page as well:

Securing Plesk and the Mail Server With SSL/TLS Certificates
 
In this case you will need to use a multidomain (SAN) certificate that contains all the (domain)names you're using.

The only way to circumvent that, would be to use a second/dedicated IP address and manually configure plesk panel, postfix/exim, and dovecot/cyrus in order to use different certificates (could also be LetsEncrypt) for the different IPs.
 
I have one server, only one domain and only one IP. And will be only one server, one IP and one domain. So, the steps I wrote in the first comment are correct? Do I have to name the server with the name of the domain also or it is not necessary?

Thanks
 
It is not necessary but it may make it simpler for you config wise, if that is the sole purpose of the server why complicate matters?

If you assume the clients domain name is 'example.com' and your server IP is 0.0.0.0:

Server IP: 0.0.0.0
Server hostname: mail.example.com
TLS/SSL certificate hostname: mail.example.com

The single certificate would secure both the server itself (i.e. Plesk) and provide the verifiable encrypted mail connection that you require.

You would then create a DNS A record for 'mail.example.com' to point to 0.0.0.0 and set the MX record for example.com to 'mail.example.com'.

As ChristophRo stated you could use a different hostname for the server but in that case you would need a multi-domain cert which would incur additional cost.

Rob
 
You must log in or register to reply here.

Similar threads

carlsson
Issue Mail on Plesk, web on other provider, how do I create a correct SSL?
Replies
2
Views
133
carlsson
carlsson
Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2
Replies
26
Views
5K
Kaspar
K
S
Question Mail subdomains with wrong TLS certificate (e.g. imap.example.tld)
Replies
1
Views
228
Kaspar
K
D
Issue can only create webmail certificates
Replies
1
Views
354
deepnpisgah
D
B
Resolved Shared hosting with multiple domains SSL/TLS issues
2
Replies
20
Views
2K
bork
B
Back
Top