Testing cPanel SNI SSL for mail (exim and dovecot)
After a few requests, I’ve explained more about how cPanel uses SNI to secure mail services using SSL certificates issued with AutoSSL.
1 Testing Dovecot SNI TLS/SSL Request
How to test Dovecot is using the correct certificate with an SNI request:
openssl s_client -connect
The “SNI Name” is the name of your customer’s domain mail server, so for example, mail.yourcustomer.com
2 Testing Exim SNI TLS/SSL Certificate
openssl s_client -tls1 -starttls smtp -connect
As above, the “SNI Name” is the name of your customer’s domain mail server, so for example, mail.yourcustomer.com
More about AutoSSL, SNI and cPanel’s SSL developments
OMG, cPanel now supports using SNI SSL certs for mail services that are generated using AutoSSL!
Wait, what? OK here’s why you should be excited.
For a long time if you wanted to use TLS/SSL encryption on domains hosted on cPanel you had two options. 1) Secure the name of your server with an SSL certificate and then get all your clients to use yourserver.yourdomain.org as their server name OR 2) use the self signed cert and make them accept an error on each connection.
But now cPanel supports SNI SSL certificates for exim and dovecot, which means you can use a different certificate for each of your domains without having to have a dedicated IP for each site.
I know what you’re thinking, that’s awesome, but I still need to buy an SSL certificate for each of them… This is where AutoSSL comes into play. cPanel now issues a cPanel (backed by comodo) certificate for EACH domain on your server.