Email Encryption

azw

New Member
#1
Hello,
I'm considering implementing encryption of emails sent via my VPS server. Is there a fairly easy way to do this? Perhaps more importantly, would it be truly worthwhile?
 

phpAddict

Active Member
#2
It's absolutely worthwhile and it's relatively easy to set up.
Without it, all emails you send/receive are in plain text, and if I knew where you were and could get onto the same network as you, I could easily packet sniff all the emails you send and receive. So if you were to send someone a password, for example, I would be a happy hacker.

First you need an SSL Cert. You can issue your server its own for free, but you'll get warnings when you try accessing webmail and in your email client saying it's not trusted, so it's recommended you purchase an SSL cert from a trusted authority such as my PickleHost GoDaddy Reseller system (shout out) or GoDaddy or any other should be fine. I also recommend just purchasing a Wild Card SSL Cert for your server's primary domain; that way you can encrypt everything you access on your server, WHM, cPanel, WebMail, etc.

Next, (optional) I recommend you force webmail users to use HTTPS over HTTP, which is a setting in WHM. This also will apply to WHM and cPanel access making everything you access encrypted.

Then in any of your email clients (Outlook, on your cell phone, Thunderbird, or whatever you're using) switch to TLS encryption. If you choose that Wild Card SSL Cert mentioned earlier, you'll set the servers to your server's primary domain so you won't get any certificate warnings.

KH support can easily assist with those requests if you need any help and I'm happy to walk you through the process of getting an SSL Cert from PickleHost if you decide to purchase there.
 

phpAddict

Active Member
#5
I've not used GeoTrust myself, but I believe they are just as good as any other and cheaper than most, even my PickleHost unfortunately :(.

WildCard (All Sub Domains i.e. www.mydomain.com, mydomain.com, pop.mydomain.com, smtp.mydomain.com etc.)
GoDaddy - $299/yr
PickleHost - $199/yr
Comodo and GeoTrust - $149/yr

Single Sub Domain (i.e. www.mydomain.com and mydomain.com)
GoDaddy - $69/yr
PickleHost - $49/yr
GeoTrust - ~$17/yr
 

azw

New Member
#6
I could imagine that Let's Encrypt will really disrupt the SSL cert businesses, like yours.

Does one wildcard SSL cert also protect parked domains attached to that domain? Or do you have to count those as separate domains (another 1 of the 5-10-15 that you pay for)?

Boy, when I add up all the domains I control, a number of which have email attached, I'd need a wildcard for 10-15 domains.
 

phpAddict

Active Member
#7
It's per domain, so you would need one for each parked domain. That's why I just have one for my server's primary domain and set up my client's email client to use my pop and smtp domain so I don't have to purchase an additional SSL Cert for them. I have hundreds of domains hosted on my server but only need the one wildcard cert used for secure access to webmail, cpanel, whm, email, etc. and then I have a few single sub domain certs for clients that have hosted websites that need to be secured for one reason or another. So all in all I have fully encrypted access to everything needed but only pay for 1 wildcard and a few single sub domain certs, well worth it.
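
As an added illustration (not code from any poster in this thread), the Python below applies the standard wildcard matching rule to show why a wildcard certificate for the server's primary domain validates for the server's own hostnames but not for customers' or parked domains. All domain names are constructed placeholders, and the assumption that the certificate also lists the bare domain follows the coverage list in post #5.

```python
# Added example: which mail hostnames does a certificate actually cover?
# All domain names below are constructed placeholders.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.com covers mail.example.com but
    not example.com or a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(cert_names, hostname):
    """True if any name on the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def audit(cert_names, client_hosts):
    """Map each hostname a mail client might be configured with to
    whether the certificate would validate for it."""
    return {host: covered(cert_names, host) for host in client_hosts}


# Constructed: a wildcard cert for the server's primary domain, assumed
# to list the bare domain as a second name.
SERVER_CERT = ["*.myserver.example", "myserver.example"]

# Constructed: hostnames customers might type into their mail client.
CLIENT_HOSTS = [
    "mail.myserver.example",     # server's own name: covered
    "smtp.myserver.example",     # covered by the wildcard
    "myserver.example",          # covered only by the second name
    "mail.customer1.example",    # customer's own domain: not covered
    "parked-domain.example",     # parked domain: not covered
    "a.b.myserver.example",      # two labels deep: not covered
]

if __name__ == "__main__":
    for host, ok in audit(SERVER_CERT, CLIENT_HOSTS).items():
        print(f"{host:28} {'OK' if ok else 'certificate name mismatch'}")
```

Any hostname that fails this check is one a mail client would flag with a certificate warning, which is why pointing every client at the server's own hostname avoids buying a certificate per hosted domain.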
 

azw

New Member
#8
I'm not sure I understand this:
"I just have one for my server's primary domain and set up my client's email client to use my pop and smtp domain so I don't have to purchase an additional SSL Cert for them. I have hundreds of domains hosted on my server but only need the one wildcard cert used for secure access to webmail, cpanel, whm, email, etc."

I have a VPS with a few customers' sites on it, as well as mine. But they have different domain names and use their domain names for email, too.

Could I set up a wildcard SSL cert so that the other people's sites and email use that one cert?
 

KH-FreddieA

Technical Support Operator
Staff member
#9
You can use your WHM hostname for email, ftp, cpanel/whm and webdisk access. I prefer it this way, so I don't have to manage multiple domain SSLs.
 

KH-FreddieA

Technical Support Operator
Staff member
#11
No, they can just use 'YourWHMHostname.com' to log in to check their email. They still maintain their email addresses they have.
 

phpAddict

Active Member
#12