Mailing List CGatePro@mail.stalker.com Message #105788
From: Roberto Michelena <rmichelena@mac.com>
Subject: correct usage of SSL certs
Date: Tue, 25 Aug 2015 10:41:33 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.2104)
Hi list,

I don’t fully understand if the SSL certificate has to be issued for the domain (mydomain.com) or the specific host (mail.mydomain.com) ; it seems it makes a difference for IMAP but maybe not for SMTP ?

Also, I don’t know how it should be done when the MX record is set up as a CNAME to the real server, as in:
MX records for mydomain.com point to mail.mydomain.com ; “A” records for mail.mydomain.com point to CNAME server.otherdomain.com ; whose “A” records do point to an IP address.
So the SSL cert should be for “mail.mydomain.com” or for “server.otherdomain.com” ?

case in point: when I went on to finally buy real SSL Certs (as the self-signed were rejected by everyone), I was first about to buy for mail.mydomain.com and during the process it said it would apply to “mail.mydomain.com  AND www.mail.mydomain.com” which sounded ridiculous so I finally decided to buy for “mydomain.com” which would apply to “mydomain.com AND www.mydomain.com”

Now it seems to be working for incoming SMTP (I don’t see new errors); but for IMAP my mail client balks at it saying that the SSL Certificate is for “mydomain.com” and not for “mail.mydomain.com”; also I don’t know how well might it be working for SMTP out…
and the CNAME situation might even complicate things more?
(nevertheless in the SPF records, “server.otherdomain.com” is also listed)

Roberto Michelena

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster