Vesta Control Panel - Forum

Team,

i have a PositiveSSL Certificate from Comodo and i'd like to use it also for my email Server (defaults Exim4 + Dovecot installed by VestaCP). The certificate works perfectly with my website.

Comodo generates 3 files:
AddTrustExternalCARoot.crt
PositiveSSLCA2.crt
www_mydomain_com.crt

in the file : exim4.conf.template
i have :
tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key

certificate.crt ->www_mydomain_com.crt
certificate.key->my domain server RSA Private key

i have also modify several files for Dovecot ...
in /etc/ssl -> i add PositiveSSLCA2.crt
in /etc/ssl/private -> i add my domain server RSA Private key (in dovecot.pem)
in /etc/ssl/certs > i add www_mydomain_com.crt (in dovecot.pem)

in /etc/dovecot/conf.d/10-ssl.conf :
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
ssl_ca = </etc/ssl/PositiveSSLCA2.crt

i'm using MS OUTLOOK 2013 to connect (pop/smtp) to the server
pop3 -> port : 995
Smtp -> port 587

i've got every time this error message at MS OUTLOOK STARTUP :

The server you are connected to is using a security certificate that cannot be verified.
The target principal name is incorrect.

How can i solve this problem ?
am i fault with my setup ?

Thanks for your help
Jerome

mephivio wrote:Team,

i have a PositiveSSL Certificate from Comodo and i'd like to use it also for my email Server (defaults Exim4 + Dovecot installed by VestaCP). The certificate works perfectly with my website.

Comodo generates 3 files:
AddTrustExternalCARoot.crt
PositiveSSLCA2.crt
www_mydomain_com.crt

in the file : exim4.conf.template
i have :
tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key

certificate.crt ->www_mydomain_com.crt
certificate.key->my domain server RSA Private key

i have also modify several files for Dovecot ...
in /etc/ssl -> i add PositiveSSLCA2.crt
in /etc/ssl/private -> i add my domain server RSA Private key (in dovecot.pem)
in /etc/ssl/certs > i add www_mydomain_com.crt (in dovecot.pem)

in /etc/dovecot/conf.d/10-ssl.conf :
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
ssl_ca = </etc/ssl/PositiveSSLCA2.crt

i'm using MS OUTLOOK 2013 to connect (pop/smtp) to the server
pop3 -> port : 995
Smtp -> port 587

i've got every time this error message at MS OUTLOOK STARTUP :

The server you are connected to is using a security certificate that cannot be verified.
The target principal name is incorrect.

How can i solve this problem ?
am i fault with my setup ?

Thanks for your help
Jerome

Here is a doc about how to enable ssl on webmail.

It's in chinese, but I think the image is enough for you. please contact me if you still have problem.

Congrats !

Thanks for your soluce
Very interesting to get Webmail and PhpMyadmin accessed from SSL !
it works well !


I'm still searching another solution to get my Signed certificate to work perfectly with Microsoft Outlook without having this alert coming at the startup .. Any other idea ?

Thanks

mephivio wrote:Congrats !

Thanks for your soluce
Very interesting to get Webmail and PhpMyadmin accessed from SSL !
it works well !


I'm still searching another solution to get my Signed certificate to work perfectly with Microsoft Outlook without having this alert coming at the startup .. Any other idea ?

Thanks

Do you ever try this: viewtopic.php?f=12&t=4779

Here is a doc about how to enable ssl on webmail.

It's in chinese, but I think the image is enough for you. please contact me if you still have problem.

On basic default vesta cp, without nginx activated, how to make it work with this tuto ?
Templates: Nginx as caching ? Apache as default ?

The problem :
i'm using vestacp for several customers
they have their own certificate
how to setup exim4 + dovecot to be sure they can access to outlook in tls / secure mode ?
Should i buy a multidomain certificate to be sure it works ?
By default, if i activate TLS path in dovecot and exim4, it uses only my default certifcate and it doesn't work of course for my customers domains ....

Thanks for your help

J