
Question Steps to have SSL under mail server?

SalvadorS

Regular Pleskian
Hello everybody,

I have a client who needs to have SSL under mail (mail.domain.ext)

The client is under a server and in this server there is only one domain, the domain of my client.

So I want to know if these steps are correct:

1.- Buy a wildcard certificate *.domain.ext
2.- Install the SSL certificate in the domain of the client.
3.- Use this certificate to secure the mail under tool and settings -> SSL/TLS certificates -> Cert to protect the mail

Are these steps correct?

Thank you for helping!
 
Hi Salvador

This might not be as simple as it seems - does your base server hostname also use the domain of your client?

Rob
 
Hi,

Thanks for answering.

I have to create the server, so I can call it server.clientdomain.ext if it is necessary.

Is it?

Regards!
 
If the entire server is providing email services for just the one client, it will make it much easier to set up if the server hostname uses the same domain name as the client.

For our shared hosting servers we purchased a multi-domain certificate that secures both 'serverhostname.ourcompanyname.com' and 'mail.ourcompanyname.com' and added that as the default / main SSL certificate for the whole server. Alternatively, you could purchase a wildcard *.ourcompanyname.com, which will also allow you to secure websites on the same domain.

In Plesk -> Tools & Settings -> Security -> SSL/TLS Certificates there is an option to set 'Certificate for securing mail' where you can choose which certificate Plesk will serve for POP3 / IMAP etc.

I would have a look at the following page as well:

Securing Plesk and the Mail Server With SSL/TLS Certificates
 
In this case you will need to use a multidomain (SAN) certificate that contains all the (domain)names you're using.

The only way to circumvent that would be to use a second/dedicated IP address and manually configure Plesk panel, postfix/exim, and dovecot/cyrus in order to use different certificates (could also be Let's Encrypt) for the different IPs.
 
I have one server, only one domain and only one IP. And there will be only one server, one IP and one domain. So, are the steps I wrote in the first comment correct? Do I have to name the server with the name of the domain also, or is it not necessary?

Thanks
 
It is not necessary, but it may make it simpler for you config-wise. If that is the sole purpose of the server, why complicate matters?

If you assume the client's domain name is 'example.com' and your server IP is 0.0.0.0:

Server IP: 0.0.0.0
Server hostname: mail.example.com
TLS/SSL certificate hostname: mail.example.com

The single certificate would secure both the server itself (i.e. Plesk) and provide the verifiable encrypted mail connection that you require.

You would then create a DNS A record for 'mail.example.com' to point to 0.0.0.0 and set the MX record for example.com to 'mail.example.com'.

As ChristophRo stated, you could use a different hostname for the server, but in that case you would need a multi-domain cert, which would incur additional cost.

Rob
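
As an added example (not part of the thread and not Plesk's own code), this Python check shows which hostnames a certificate covers for the single-name, wildcard and multi-domain options discussed above. The certificate name lists are constructed, and `name_matches`, `uncovered` and `served_names` are hypothetical helper names; wildcard handling follows the usual RFC 6125 rule that `*` spans exactly one left-most label.

```python
import socket
import ssl

def name_matches(pattern, hostname):
    """Match a certificate DNS name against a hostname (RFC 6125 style).
    '*' is honoured only as the whole left-most label and spans one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # so *.example.com never covers bare example.com
    if p[0] == "*":
        # Conservative choice in this example: ignore wildcards such as *.com
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert_names, required):
    """Return the required hostnames that no certificate name covers."""
    return [r for r in required
            if not any(name_matches(c, r) for c in cert_names)]

def served_names(host, port=993, timeout=5.0):
    """DNS names in the certificate served on an implicit-TLS mail port
    (993 IMAPS, 995 POP3S, 465 SMTPS). The default context validates chain
    and hostname, so a mismatch raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

# Constructed certificate name lists for the options raised in the thread.
SINGLE = ["mail.example.com"]                        # one-hostname certificate
WILDCARD = ["*.example.com"]                         # wildcard certificate
MULTI = ["server.example.net", "mail.example.com"]   # multi-domain (SAN)

if __name__ == "__main__":
    # Server hostname and mail hostname are the same name: one cert suffices.
    print(uncovered(SINGLE, ["mail.example.com"]))
    # Server hostname on another domain: the single cert leaves it uncovered.
    print(uncovered(SINGLE, ["server.example.net", "mail.example.com"]))
    print(uncovered(MULTI, ["server.example.net", "mail.example.com"]))
    # A wildcard covers subdomains but not the bare domain.
    print(uncovered(WILDCARD,
                    ["server.example.com", "mail.example.com", "example.com"]))
```

After the certificate is assigned under 'Certificate for securing mail', `uncovered(served_names("mail.example.com"), [...])` can be run against the live server to confirm that every hostname mail clients are configured with is covered.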
 