Topic: TLS encryption for each domains hosted with CWP

TLS encryption for each domains hosted with CWP
« on: May 10, 2018, 06:20:32 AM »
I want to set up IMAP/POP3 access for the incoming mail server on my CWP. To access the incoming mail server, I will need either POP3 or IMAP access with TLS encryption, which is mandatory for most email clients.
My main host name is hosting.domain.com and that has the default host certificate.
I have created the domain example.com and created an email account for the same as user@example.com. Here, example.com has its own SSL certificate.
When I add the same in mail client (Gmail on Android), I have entered incoming mail server as example.com and selected all the available options for security (like SSL/TLS, SSL/TLS (Accept all certificates), STARTTLS, STARTTLS (Accept all certificates)). But, the server is rendering only the main host name certificate (hosting.domain.com) instead of the mail address's domain certificate.
What can I do to host multiple domains with email accounts secured by TLS for each domain? What is the workaround?
(Note: Previously, I had Vesta-CP and I had replaced the main domain certificate with the required main domain certificate and used the same as incoming & outgoing mail server for all the domains. But, it is not the proper way to do so. I can configure Windows mail clients like MS Outlook. But, on an Android device, I am getting the above-mentioned issues.)

Re: TLS encryption for each domains hosted with CWP
« Reply #1 on: May 10, 2018, 11:43:42 AM »
You need to use the hostname as the mail server to use an SSL connection.

Re: TLS encryption for each domains hosted with CWP
« Reply #2 on: May 11, 2018, 02:44:41 AM »
I have tried. But the Gmail app is still saying that the connection is not secure and it won't proceed to connect to the incoming mail server. It is showing the proper SSL hostname (hosting.domain.com). I had set up Let's Encrypt SSL for all the domains on the server using Auto SSL.

Re: TLS encryption for each domains hosted with CWP
« Reply #3 on: May 11, 2018, 06:01:14 AM »
Can you confirm that SSL is valid for your hostname?
https://www.digicert.com/help/

Re: TLS encryption for each domains hosted with CWP
« Reply #4 on: May 11, 2018, 10:35:03 AM »
Yes.
When I try to access, Gmail app is saying that connection is not secure & not allowing to add the mail account for sync. But, it is showing proper hostname as domain.com with Let's Encrypt certificate for the incoming mail server. If I continue with Proceed Anyway, later Gmail app will be force closed automatically while switching to that mail account.
I have the MX record pointing to the same domain (@) and the PTR records are also proper. I do not get any error while accessing the Roundcube webmail or the admin panel of CWP. Also, I was able to access the email with MS Outlook on my Windows 10 PC properly without any error.
I have also checked the SSL details in SSL Shopper and also in Check TLS. SSL Shopper is not showing any error. But, the Check TLS site is showing the error as 'Certificate 1 of 1 in chain: Cert VALIDATION ERROR(S): unable to get local issuer certificate; unable to verify the first certificate
This may help: What Is An Intermediate Certificate
So email is encrypted but the recipient domain is not verified'. I have tried many things like renaming the hostname, using different MX record with different hostname etc. But, problem is not solved.

I want to host two domains on the same server with a single IP address, with different mail accounts for each domain, with TLS/SSL encryption. I will be using Let's Encrypt SSL for all the domains. I would like to give an option to use any email client for the email accounts for easy access.
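
The Check TLS message quoted in Reply #4, "unable to get local issuer certificate", is OpenSSL's wording for a leaf certificate whose issuer is neither sent by the server nor already trusted by the client. The following lab is an added example, not part of the thread: it builds a constructed root, intermediate and leaf (the `lab-*` names, the `make_chain` and `chain_status` helpers and all files are assumptions made for the demo) and shows the verdict with and without the intermediate.

```sh
#!/bin/sh
# Added lab, all names constructed: root CA -> intermediate CA -> leaf certificate.
set -eu

# Build the three-level chain in directory $1 (files named root/int/leaf).
make_chain() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:hosting.domain.com\n' > "$d/leaf.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -out "$d/$n.csr" -subj "/CN=lab-$n" 2>/dev/null
  done
  # Self-signed root; root signs the intermediate; intermediate signs the leaf.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 30 -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 30 -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -extfile "$d/leaf.ext" -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# chain_status ROOT LEAF [SENT_INTERMEDIATES]
# ROOT is what the client trusts, LEAF is the server certificate, and the
# optional third file holds the intermediates the server sends with it.
chain_status() {
  if [ -n "${3:-}" ]; then
    out=$(openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1) || true
  else
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  fi
  case $out in
    *": OK"*) echo complete ;;
    *"unable to get local issuer certificate"*) echo missing-intermediate ;;
    *) echo "other: $out" ;;
  esac
}

lab=$(mktemp -d)
trap 'rm -rf "$lab"' EXIT
make_chain "$lab"
echo "leaf sent alone:        $(chain_status "$lab/root.pem" "$lab/leaf.pem")"
echo "leaf plus intermediate: $(chain_status "$lab/root.pem" "$lab/leaf.pem" "$lab/int.pem")"
```

To check real files, pass the CA root as the first argument, the server certificate as the second, and the chain file the mail server is configured to send as the third.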