Problems with certificate

eliassorensen

Hello,

I have a user with several domains, and one of these domains has an SSL certificate.

So, domain-a.com has a certificate, and domain-b.com and domain-c.com do not have a certificate.

It works perfectly on domain-a.com (https://domain-a.com), and has no certificate issues.

However, when I for example add mail.domain-b.com as an IMAP server, and my mail program tries using SSL, it uses the certificate from domain-a.com - resulting in an error (as domain-b.com is not a part of the certificate).

Likewise, if I enter https://domain-b.com (I don't have a certificate on domain-b.com - only domain-a.com), I get an error: "You tried to reach domain-b.com, but the server identifies itself as domain-a.com.....".

How do I solve this issue? It shouldn't really be happening.
 
I forgot to add that SSL is disabled for domain-b.com and domain-c.com in admin. Only enabled for domain-a.com.
 
I'm only answering your second question:

DNS converts domain-b.com to an IP#, and your visitor ends up at that IP#. No problem with http, but if he attempts to attach to https, he ends up looking at the https configuration, which points to the certificate for the wrong domain.

I'm not sure if this can be changed with custom Apache configuration or not, but you may be able to change it by adding a shared IP# to the account as an extra IP# and pointing add-on domains to that IP#.

Jeff
 
Thanks for your reply, Jeff. That was also the conclusion I came to.

I guess a solution could be to set up a domain only for mailserver (e.g. mail.mycompanyname.com) and then buy a valid domain for that?

I was just wondering about the issue, as I don't think larger shared-ip hosts have that problem regarding certificates?
 
I don't know what email program you're using. We tell our clients to use TLS, and my recollection is that as long as there's a Certificate there it's used, but with no error for domain mismatch. My understanding always has been that domain mismatches only occur using https.

I also don't know which Certificate you're pointing to for email, or why or how your email client is pointing to a different Certificate for each domain name.

But you don't need a separate domain for email; you can simply log in or have your clients log in, to your hostname, and use the hostname's valid Certificate (which you should have anyway, to support secure DirectAdmin and webmail login).

For example:
Code:
POP Server: host.example.com
IMAP Server: host.example.com
SMTP Server: host.example.com
Email Login: [email protected]
Email Password: NEEA4UFPHMxvqccjek
Jeff
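
The error quoted in this thread ("the server identifies itself as domain-a.com") comes from the client comparing the name it connected to with the DNS names in the certificate the shared IP presents. As an added example (not code from any poster), this Python check runs that comparison over constructed certificate dicts shaped like `ssl.SSLSocket.getpeercert()` output; the SAN lists and the helper names `name_matches`, `cert_dns_names` and `audit` are assumptions.

```python
# Added example. The certificate contents below are constructed, not real.

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate DNS name with a hostname, case-insensitively.

    A '*' is honoured only as the whole left-most label and stands for
    exactly one label, so '*.domain-a.com' never covers 'domain-a.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_dns_names(cert: dict) -> list:
    """Return the DNS entries of subjectAltName from a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def audit(cert: dict, hostnames: list) -> dict:
    """Map each name a client might be configured with to pass/fail."""
    names = cert_dns_names(cert)
    return {h: any(name_matches(n, h) for n in names) for h in hostnames}


# Constructed: the only certificate on the shared IP, issued for domain-a.com.
DOMAIN_A_CERT = {"subjectAltName": (("DNS", "domain-a.com"),
                                    ("DNS", "www.domain-a.com"))}
# Constructed: a certificate for the server's own hostname, as in Jeff's settings.
HOST_CERT = {"subjectAltName": (("DNS", "host.example.com"),)}

if __name__ == "__main__":
    # Names the original poster tried against the domain-a.com certificate.
    tried = ["domain-a.com", "domain-b.com", "mail.domain-b.com"]
    for host, ok in audit(DOMAIN_A_CERT, tried).items():
        print(f"{host:22} {'ok' if ok else 'MISMATCH'}")
    # Every mail client pointed at the hostname validates against its certificate.
    for host, ok in audit(HOST_CERT, ["host.example.com"]).items():
        print(f"{host:22} {'ok' if ok else 'MISMATCH'}")
```

To run the same check against a live service, pass the dict returned by `getpeercert()` on a connected `ssl.SSLSocket` to `audit()` together with every server name your users are told to configure.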
 