SSL Certificate for Mail

[hci]

I have a certain Directadmin server with 4 domains on it. I want SSL mainly for email and only concerned with the client to server connection. I mainly want to do this because of apple and android devices complaining of having self signed certificate.

So for webmail I want this on a signed SSL:
https://www.my101maindomain.net/squirrelmail/

Also, for SMTP, POP3 and IMAP I want this on a signed SSL:
mail.my101maindomain.net

There other domains such as my102domain.net and my103domain.net but if they want SSL signed access they can go to the main domain I am guessing. How do I do this? Must every domain be on a separate IP? What about IPv6 when we roll that out soon?

Are there any HOWTO's on this? Thanks.

 

[nobaloney]

I don't know if exim and dovecot understand multi-domain Certificates, so you can either experiment and hope they do... or you can buy multiple Certificates.

Multiple Certificates:

For SMTP, POP3 and IMAP, buy a certificate in the name mail.my101maindomain.net and install it as the Exim certificate, then in the Dovecot configuration point to that Certificate. But anyone else connecting over any of these protocols might get a name mismatch error. The way I'd solve the problem is to buy a Certificate for the hostname: hostname.my101maindomain.net (or whatever it is, and tell all users touse that to connect to email.

Or of course buy separate Certs for Dovecot and Exim, pointing each to whichever name you wish to use.

Then buy a Certificate for www.my101maindomain.net which you can use for that user for squirrelmail, or (as I'd do) buy one for the hostname (or use the same one as above but installed separately) to use for webmail, and give that information out to all users.

Single Certificate: Buy one certificate for the hostname, install it as the shared server certificate, and also as the Exim certificate and the Dovecot certificate, and give that one out.

Note that I offer low priced Certificates and will do these specialty installs at my regular hourly rate; contact me by email if you'd like to avail yourself of my services.

Jeff

 

[hci]

Right now imap, pop3 and smtp clients all connect too mail.my101maindomain.net. I could also link too https://mail.my101maindomain.net /squirrelmail/ for webmail. Does that make it easier?

 

[zEitEr]

Please check it, as that might be helpfull:

[TABLE="class: list, width: 887"]
[TR]
[TD="bgcolor: #EEEEEE"]Per-IP ssl certificates for dovecot[/TD]
[/TR]
[TR]
[TD="bgcolor: #EEEEEE"]Per-IP ssl certificates for exim[/TD]
[/TR]
[/TABLE]