Confused about Secure SSL/TLS Email Certs

Discussion in 'Linux VPS/Dedicated - cPanel' started by woodp, Jun 2, 2014.

  1. woodp

    woodp New Member

    My VPS has no need for https, but I would like to use Secure SSL Email. The cPanel setting for incoming and outgoing servers would be host.mydomain.com.

    It was recommended I purchase a wildcard cert for mydomain.com and host.mydomain.com ... which I did.

    Now I'm told that a single cert on host.mydomain.com would have been adequate. Since cert renewal is coming up, I'm wondering if I could save a bundle of money by getting a single domain cert for just host.mydomain.com.

    What's right - Single or wildcard cert?
     
  2. Dan

    Dan Moderator

    Hi woodp,

    I would think it depends on how you and your clients configure your email client. If everyone configures for mydomain.com then you need SSL for mydomain.com. If configured for host.mydomain.com then you need SSL for host.mydomain.com. Some clients like using their own domain name for their SMTP in which case this wouldn't work for them. The self-signed certificate works you simply get a pop-up stating that it's an untrusted certificate (at least Outlook did this), it just means that the cert wasn't generated by a trusted SSL vendor.
     
  3. phpAddict

    phpAddict Active Member

    Yea, and if you have users try and set up their own email you can expect more support calls. Some email clients have SSL enable by default, like iPhones (which they all should) so if your server's SSL is self-signed you can expect a call "What is this server not trusted message?".

    I don't know how much your'e paying and I don't usually try to toot on my reseller plan with godaddy but when it may help someone...
    Single Domain SSL cert: $49.99/yr
    Get a 5 subdomain cert for just $59.99/yr -This option would probably be best for you so you can cover both host.mydomain.com, and mydomain.com and have a couple others if the need arrises.
    Wildcard for $199.95/yr
    www.picklehost.com

    I personally, for the primary domain on my server, use a wildcard cert so it covers SSL with email, WHM, Cpanel access, and of course my website without any annoying "not a trusted certificate" crap.

    Hope that helps.
     
  4. woodp

    woodp New Member

    Thanks guys, but you didn't answer my question - single or wildcard?

    Attached is a screen capture from the email setup in cPanel. Note for insecure email, a user would use mail.hisdomain.com and there would be no browser or Outlook warning - Insecure email without a cert ... But for SSL email using ports 465 and 993, regardless of the users domain, every user would use host.mydomain.com for smtp and imap.

    When I first set up SSL email a year ago, I was told I needed a wildcard cert to cover host.mydomain.com *and* mydomain.com.

    Or ... could I just purchase a single cert for host.mydomain.com (and ignore mydomain.com) and get the exact same results?

    So, SSL email at a KH VPS running cPanel - single or wildcard cert?
     

    Attached Files:

  5. phpAddict

    phpAddict Active Member

    If you only want your SSL cert to cover your host.mydomain.com then yes and single will cover your needs. However, the purchase of a "Single Domain SSL Cert" in my experience only covers "www.mydomain.com" and "mydomain.com" so that's likely why you were told to get a wildcard cert. If you can find a company that will sell you a single and let you choose what subdomain to use it for, then that will work. If not, then you may be able yo go for the "multiple domain cert" which should allow you to cover just the domains you want while saving you some money.
     
  6. woodp

    woodp New Member

    Ah, that makes sense. Appreciate the explanation!
     

Share This Page