SSL cert re-use question

Discussion in 'Linux VPS/Dedicated - General' started by Ichiban, Sep 17, 2013.

  1. Ichiban

    Ichiban Member

    I purchased a cheapy ($10/yr) Comodo Positive SSL cert to secure www.mydomain.com. This cert covers the root, mydomain.com, as well.

    I have a few mail related questions:

    1) Can I re-use the SSL cert to secure SMTP traffic? I seem to recall doing so a long time back for a sports league I helped out with.

    2) If yes, should I/can I configure the mail system to report its name as mydomain.com or www.mydomain.com when negotiating connections?

    3) Does the RDNS for the IP address which will be handling SMTP connections need to match the hostname value used above?

    Thanks for reading (and, hopefully, answering)!
     
  2. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    Sure, as long as you access SMTP via the same domain name.

    You'd want to use a direct A record, so mydomain.com.

    As long as the rDNS entry is an A record that resolves to the IP address you've got the rDNS set on, you should be all set.

    Hopefully this clears everything up for you and was helpful :)
     
  3. KH-Mathew

    KH-Mathew Systems Administration Staff Member

    To make using my cert easy for all services I just changed my hostname from host.domain.com to domain.com. If you do this you still have to install the cert on the domain and then in the service certs manager in WHM. My cert works for the domain as well as FTP, Webmail, cPanel, WHM, and SMTP. This is assuming that you have a cPanel server. You still need to have support change your rDNS as Jonathan mentioned.
     
  4. Ichiban

    Ichiban Member

    Thanks Jonathan and Matt for the helpful replies.

    I was actually considering dropping some more $'s on an AlphaSSL wildcard cert to make this whole exercise a bit easier. Matt's tweak on the WHM hostname sounds like a great way to get maximum mileage out of my puny $10 PositiveSSL cert. :) I'm going to give this a try tonight.

    Thanks again!
     
  5. Ichiban

    Ichiban Member

    WHM seems to insist that I have a 3 part hostname:

    "Your hostname must contain at (sic) 3 unique sections split by periods". They probably mean to say 'distinct', but whatever. Bottom line is that WHM won't let me use domain.com as my hostname. I'm guessing that's new, and somewhat unfortunate, behavior.

    I'm going to play around a bit and see what I can come up with. Given the apparent interaction between the WHM cert and a cPanel account for my main domain (http://forums.knownhost.com/threads/setting-up-a-cpanel-account-for-the-root-domain.2671/), I have a feeling I'll be picking up the AlphaSSL wildcard, but I'll try some different configurations out first before punting on the single domain cert.
     
  6. Ichiban

    Ichiban Member

    In the end, I left the system hostname as knownhost.domain.com, despite the fact that the SSL cert was for www.domain.com or domain.com. WHM installed it without a burp and as long as I access it using www.domain.com, it seems to work as expected. It'd have been much neater to do the rename trick Matt detailed, but as long as I can configure the services to work properly using the www.domain.com/domain.com cert, I'll be happy.
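
Added example, not part of any post in this thread: the behaviour in the last post (the cert works when the server is reached as www.domain.com even though the system hostname is knownhost.domain.com) follows from clients comparing the name they connected to against the names on the certificate. The sketch below applies the single-label wildcard rule from RFC 6125 to a single-domain cert and a wildcard cert; the SAN lists and service hostnames are constructed from the names used in the thread, and the function names are hypothetical.

```python
# Added example: which client-facing hostnames a certificate covers.
# SAN lists and service hostnames are constructed from names in the thread.

def name_matches(pattern: str, host: str) -> bool:
    """True if a certificate dNSName pattern covers host.

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label, so *.domain.com covers
    www.domain.com but neither domain.com nor a.b.domain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(san_names, host):
    """True if any name on the certificate covers host."""
    return any(name_matches(n, host) for n in san_names)


def audit(san_names, service_hosts):
    """Map each service hostname to covered (True) or name mismatch (False)."""
    return {h: cert_covers(san_names, h) for h in service_hosts}


# Constructed: names on the single-domain cert and on a wildcard cert.
SINGLE = ["domain.com", "www.domain.com"]
WILDCARD = ["*.domain.com"]
# Constructed: hostnames a mail client or browser might be pointed at.
SERVICES = ["domain.com", "www.domain.com",
            "knownhost.domain.com", "mail.domain.com"]

if __name__ == "__main__":
    for label, sans in (("single", SINGLE), ("wildcard", WILDCARD)):
        for host, ok in audit(sans, SERVICES).items():
            print(f"{label:8} {host:22} {'OK' if ok else 'NAME MISMATCH'}")
```

With these inputs, a wildcard name by itself does not cover the bare domain.com; that name has to be listed on the certificate separately.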
     
