General - SSLs

Discussion in 'Installation/Configuration' started by thawee, Dec 10, 2014.

  1. thawee

    thawee New Member

    Hey all,

    I am settings up a ispconfig3 panel and email server, and I would like some help understanding what a seasoned hosting company does in the following situation.

    I would like to make sure that my hosting domain & cp is secured with a SSL, and I would like to be able to make sure that all my clients are ssl'ed.

    I know that you can setup ispconfig 3 to allow clients to login to their cp from their domain (ie. cp.clientsite.com).

    Do you seasoned vets secure your clients cp?

    If so? how?

    I have read about creating my own CA and doing it that way, but I would like to know how the pro's handle it.

    Also, I would like to secure my domain email server, but it is unclear to me how to do that.

    In the documentation is shows that you can set up your clients webmail in the following ways.

    - mail.clientssite.com
    - clientssite.com/webmail

    My fear is if I setup either one, my clients email interaction with email won't be secure unless I spend tons o cash on ssl, or create my own ca?

    Please advise, and thanks in advanced to everyone.

    Hope to hear back soon :)

    Take Care & Happy Holidays!

    Thawee
     
  2. thawee

    thawee New Member

    I could really use some help.

    Please don't overlook me, Thanks
     
  3. Nicram

    Nicram Member HowtoForge Supporter

    Here You may buy cheap SSL certificates: https://www.gogetssl.com/ (You may choose the cheap one, it will be enought for start).
    Shortly how it work:
    You need 1 SSL for Your control panel domain. If Your email will use same domain name, then it is enough. If not, then it is better to have 2 certificates.
    Web server and e_mail server may use same certificates, but they do not have to.
    When users will try to connect to Your webserver, certificate will be used for encryption. You may also make Web access into mailbox by some email panel thru secured connection. If it will work on the same domain like CP then only 1 SSL You need.
    For email server it works different.
    Your email server use only 1 domain for communication with others (clients and servers). You may use other domain names for sending/receiving emails, but only the real one (that should have PTR record/reversedns) is used for communication. Other domains got special SPF/TXT/MX records that define to use only real domain for communication.
    So the email server app also need only 1 SSL certificate. For communicating with clients and other servers.
    In summary: Web server and email server may use same domain name, and then use only 1 SSL certificate. But they also can have different domain names, and then use different certificates. Web and email server are configured independent.
     
  4. sjau

    sjau Local Meanie Moderator

    Well, you can use self-signed certificates and stuff. The problem is, your customers will get first a warning about it. Such a warning might bother clients and if so, try to get cheap/free ssl certs.

    However, in Q2 2015, SSL cert situation should improve a lot:

    https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html

    Supported by FSF, Mozilla, Cisco and others... it seems that's the way to mass-deploy free SSL certs.
     

Share This Page