SSL/TLS issue since upgrade from 1.2.2 to 1.2.8

  • Hello

    I don't know which upgrade causes the issue.
    I'm on Ubuntu 14.04 and now i-mscp 1.2.8

    When I was in 1.2.2 I was able to connect to IMAPS/POP3S and SMTPS with the same certificate I use for the panel.

    I even made a screenflow recording the installation of an account in GMAIL using the POP3S to my server.
    A user called me today as she is unable to connect the same way I did in the video.
    I checked and indeed Gmail told me the connection uses a self signed certificate and not the one I'm using for the main domain.

    I've no idea where I have to look to change this behaviour.

    1. # Servers# Please, do not change these parameters manually# Run the i-MSCP installer as follow:# imscp-autoinstall -dr serversFRONTEND_SERVER = nginxSQL_SERVER = mysql_5.5PO_SERVER = dovecotNAMED_SERVER = bindHTTPD_SERVER = apache_itkFTPD_SERVER = proftpdMTA_SERVER = postfix

    When I test the certificate it seems Dovecot does not use the same certs as the webserver of the panel.

    Test of the cert on the panel :

    1. openssl s_client -showcerts -connect certificatesubject=/OU=Domain Control Validated/CN=control.cqfd.netissuer=/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU= Secure Certificate Authority - G2---

    Test of the cert on the pop3 server :

    1. openssl s_client -showcerts -connect
    2. ---
    3. Server certificate
    4. subject=/O=Dovecot mail server/OU=localhost/CN=localhost/emailAddress=root@localhost
    5. issuer=/O=Dovecot mail server/OU=localhost/CN=localhost/emailAddress=root@localhost
    6. ---
  • @VirtualCed


    You must make distinction between the SSL certificate used for the i-MSCP panel host and the SSL certificate used for the services (proftpd, postfix, imap/pop).

    You claim that with i-MSCP 1.2.2, you were able to connect to pop/imap using the same SSL certificate (the one used for the panel) but when you configure i-MSCP, you are asked for two SSL certificates:

    • One for the i-MSCP control panel
    • One for the services (proftpd, postfix, imap/pop)

    If you want use the same certificate for both services, you should just reconfigure the SSL item by providing the same SSL certificate information (private key, certificate and the intermediate certificates) for both, the panel and the services.

    To resume

    If you want reconfigure both SSL certificates (panel and services):

    1. # perl /var/www/imscp/engine/setup/imscp-setup -dar ssl

    If you want reconfigure panel SSL certificate:

    1. # perl /var/www/imscp/engine/setup/imscp-setup -dar panel_ssl

    If you want reconfigure services (proftpd, postfix, imap/pop) SSL certificate:

    1. # perl /var/www/imscp/engine/setup/imscp-setup -dar services_ssl