Forums and Blog

Hi, 

I am looking at securing my webmail address with an SSL Certificate and understand that I need to create a new site in IIS i.e. 

webmail.domainname.com and install the certificate on their to enable https:// this part is fine, however i also want to enable SSL on IMAP / POP3 / SMTP and the instructions say to select the previously installed certificate does this mean that clients would also need to enter for the incoming and outgoing servers webmail.domainname.com ? and if so how can I enable SSL on the default connection settings which I use which is mail.domainname.com?

Thanks Aaron

I actually have bought 2 certificates from servertastic (cheap at $10 per year). One for webmail.domain.com and one for mail.domain.com.

I use the webmail certificate for the website and and mail certificate for smartermail smtp/pop etc. That way the two are seggregated

Thanks for the reply servertastic is also my preferred supplier :)

Did you install a second website in IIS named mail.domain.com and then used that same certificate in Smartermail admin to add ssl to IMAP etc ? as the instructions I have read say to select a previously installed certificate.

Also can normal non SSL Connections POP/SMTP/IMAP still run on that mail.domain.com IP Address?  and if they choose to use SSL Just check the option in outlook settings.

Just want to make sure I get this right before making the change and to try not to break anyones setup

Thanks Aaron

I installed one website with IIS and forced it to use SSL only as well as secured it using webmail.domain.com .

I also followed the directions to install the mail.domain.com certificate and in the SM configuration I setup SSL rules for both TLS and SSL.

SSL SMTP/POP/IMAP uses ports 465,995,993 and you point the rule to your .cer file

TLS uses standard ports 25,110 and 143 for SMTP/POP/IMAP.

In both cases you point them both to your .cer file you get back from servertastic.

This should not impact your current imap/smtp and pop users since they would have to enable TLS or SSL in their client ot use that feature.

In regards to webmail, I do ONLY let my users use the secured version of the webmail. All http requests are redirected to https.

Thanks for the quick reply so I assume you setup an IIS site called mail.domainname.com created the cert and then stored the cer file to use in smartermail configuration later on.

Currently with my setup I have webmail.domain.com and mail.domain.com on the same IP Address for IMAP/POP/Webmail etc I also have every single domain on the system setup with a webmail DNS Record pointing to the same IP which IIS Listens on.

So if I am right in thinking I need to the following:

1) Set the current IIS Site on the existing IP Address to answer to the host header mail.domainname.com + *  & Install Cert in IIS

2) Create a new IIS Site called webmail.domainname.com with a new IP & Install cert in IIS

3) Configure Smartermail to use the cer for IMAP / POP3 / SMTP from above

I guess then customers who use webmail.theirdomain.com will go to the site in step2 and if they choose to use https there they would get a warning about invalid SSL Cert for domain in use.

It's all getting kind of confusing, just ordered by certs from servertastic though :)

Ok, so here's my setup:

For the main server I have:

mail.domain.com  ip is 192.168.1.50

webmail.domain.com  ip is 192.168.1.50

For the domains I have:

mail.customerdomain.com ip is 192.168.1.50

The current iis in production site is setup for webmail.domain.com and I setup a second iis site (to produce the mail.domain.com certificate) just for the smartermail cert generation. To allow users to go to webmail.customerdomain.com but prevent the ssl warning, just make sure all hits to login are redirected to https:///webmail.domain.com  would that work for you?

Thanks for the explanation its making more sense I like the fact that you auto redirect users to the correct SSL Site, with my setup yet again it gets a little complex as I have resellers who give their customers the webmail address to their main business domain and would want to hide the fact that they are a reseller.

I suspect what I need to do is follow your steps above, then setup seperate IIS sites for each reseller and just limit webmail addresses in the future i.e.

webmail.myhostingbusiness.com

webmail.resellerbusiness1.com

webmail.resellerbusiness2.com and so on

and stop setting up webmail.customerdomains.com in the future.

Thanks again for the help

Hi, 

I'm still struggling to get my head around this I now need to setup SSL for a customers domain ideally we would like to have mail.domainname.com (for use in mail apps ssl) and also webmail.domainname.com (for webmail ssl).

We are running IIS6.

I know that i would need to purchase two SSL certificates for each URL but I am stuck with what I do with IIS for generating the cert for mail.domainname.com?

Should I add two sites into IIS 1) mail.domainname.com & 2) webmail.domainname.com each with it's own static IP? (as IIS cannot bind SSL to two domains with the same IP)

Ideally I would like to limit the number of IIS sites I have for email and would love to not have mail.domainname.com as an IIS site, but then when the domain SSL comes up for renewal I would need the very same IIS site to renew the cert.

Any tips on this would be great. 

Thanks Aaron

Yes, you would need two sets of certificates for each domain. As this can become an administrative nightmare (IIS sites, ip usage and sn setup), on my server I just have one cert for IIS and one for the mailserver and all domains have their dns setup to use my primary mail domain. IT makes it easier when renewing certificates and for me telling my customers how to login.

Keep in mind though, just like apache it is possible to bind multiple certs to the same ip using host headers. Check out this thread:

http://forums.iis.net/t/1117559.aspx

Hi, 

It;s me again, I thought I had a pull plan on how to do this but still a little stuck. 

What I have done is created a new site in IIS: mail.customer1.com - IP 192.168.0.10 and had an SSL Cert issued, then I exported this and created an SSL type in Smarter Mail SSL Section. 

This works fine but I am finding that smarter mail only answers on ports 465,995 & 993 and will not answer on the standard ports 25, 110 etc . 

Also our server mail server is setup in rdns to be 192.168.0.5 so sending mail servers would have problems reaching us. 

Am I setting this up wrong?

Should I be doing this

1) in IIS create a site mail.customer1.com and generate SSL

2) in Smarter Mail add an SSL Cert for this site but bind it to the main server mail IP 192.168.0.5?

3) Should I be doing two additions 1 for SSL and 1 for TLS?

4) In IIS create a new site for webmail.customer1.com and generate SSL and have the customer use this for webmail?

Thanks Aaron