White Labeling for HostedEmail Service (Installation for an SSL)

Shortcut to this article: opensrs.help/ssl-installation

If you want to cover your brand's or company's hosted email domain with an SSL certificate, so that your customers/clients can browse to a webmail address such as mail.domain.tld and use that same hostname for the incoming/outgoing mail servers in their email software, you've come to the right place!

We already provide free SSL connections to end users who wish to use SSL to access webmail or configure their email clients (Outlook, Mac Mail, Thunderbird, etc.). Please check the article below for details:

Cluster Configurations: opensrs.help/cluster
Cluster A: mail.hostedemail.com OR mail.emailhome.com
Cluster B: mail.b.hostedemail.com OR mail.mailconfig.net

You will not need to maintain or pay for the SSL certificate if you use the above mail servers.  

If, however, you would like your customers to access a custom subdomain (e.g. mail.acmeinc.biz) that is covered by an SSL certificate, we can install the SSL certificate for you on our hostedemail servers. The costs for this are below:

Installation for SSL:
1. Initial installation cost: $100
2. Reissue of the SSL certificate: $100
3. Renewal of the SSL certificate: $100
4. Any situation where a reinstallation is required: $100

To get started, make sure that the domain (e.g. acmeinc.biz) exists under the "Email" section in the control panel. Please also map your subdomain (e.g. mail.acmeinc.biz) to our email server. To do this, please see our article and the section for the cluster you are located on: What Cluster Am I On: opensrs.help/cluster.

There is a final step in which we require additional information. It depends on who generates the CSR:
1. If you are choosing to have the CSR generated and installed by us (while you purchase the SSL certificate), we require the details below to generate the CSR. We suggest using this option; please send the details to help@opensrs.com.

2. If you have already generated your own CSR and purchased the SSL certificate, please contact our team at help@opensrs.com and we will discuss options for sending us the private key along with the certificate details. A protected file is required, together with a telephone call to support.

Data Required
  • Subdomain to use (e.g. mail.acmeinc.biz): required
  • Country: required
  • State (full state name): required
  • Locality (full city name): required
  • Organization (full legal company or personal name): required
  • Organizational Unit (branch of organization): optional
  • Email: required

Please email us the information to help@opensrs.com. We will then generate a CSR for you that can be used to purchase an SSL certificate. The certificate can be purchased through the OpenSRS control panel or from other providers.  

When ordering the certificate, please choose Apache or Apache+modSSL as the server type. We support 2048-bit encryption ONLY; please do not obtain a certificate with a higher or lower level of encryption.

Certificate installation and renewal take about one week. The complete process from start to finish, including CSR generation, may take two or more weeks, so please allow ample time.

Both your MX records and your customers' MX records should be mapped to our hostedemail.com email server prior to requesting the installation.
Unless you have a SAN covering their subdomain, their mail DNS record should be left blank or permanently redirected to your subdomain (e.g. mail.acmeinc.biz). They should be using your company's branded subdomain for the email service, not their own.

 

Frequently Asked Questions

Q1: Can a reseller account have multiple custom SSL subdomains?

A1: Yes, though it is not recommended. Each reseller should ideally have one subdomain, such as mail.acmeinc.biz, where all customers sign in. One single subdomain is good for brand reinforcement as well as easier troubleshooting for your support staff.

However, if you would still like to have multiple subdomains, you can provide us with one cert per subdomain or a SAN certificate containing all the subdomains you would like to have, such as

webmail.acmeinc.biz
mail.betacorp.com
centicorp.email
finance.foxtrotcorp.org

Some certificate vendors allow up to 100 SANs per certificate.  For this setup, however, please keep in mind the following caveats: 

  • If you add/remove common names from your cert and need the cert reinstalled, the installation fee of $100 applies per reinstall.
  • If the end user checks the content of the cert, they will see all the SANs listed on the cert. 
  • Since an IP is assigned to the cert, the reverse DNS lookup of that IP will be assigned to the main subdomain on the cert.  Please let us know if you prefer to have another subdomain for the IP in the PTR record.

The CNAME for these common names will need to be mapped to the right cluster in order to prevent browser certificate errors.

Q2: If I already have a certificate containing the SAN I want to use, can I provide that for installation?

A2: Yes. Keep in mind that if you have to re-issue the cert for any reason and the cert has to be reinstalled on our end, the installation fee of $100 applies per reinstall. Please contact OpenSRS Support so we can obtain the private key from you in a secure manner. 

If I purchase a wildcard certificate, can I have unlimited subdomain email logins?

Yes. If you provide a certificate such as *.acmeinc.biz, you can have an unlimited number of subdomains, such as

mail.acmeinc.biz
signin.acmeinc.biz
email.acmeinc.biz
webmail.acmeinc.biz

The CNAME for each subdomain would need to be mapped to the right cluster in order to prevent browser certificate errors.  

Can the certificate be installed on a root domain?

Yes. A certificate can be installed on a root domain, such as

acmeinc.biz

For such an installation, please request a CSR from us and purchase the certificate with the CSR.  After the installation, we will reply back with an IP address so that the root domain can be mapped to the IP.  
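
Before ordering a certificate or requesting an installation, it helps to confirm that every hostname customers will sign in to is covered by the names on the certificate, since a mismatch is what produces the browser certificate errors mentioned above. The check below is an added example, not part of the original article or any OpenSRS tooling; it goes slightly beyond the text by applying the standard browser matching rule (a wildcard stands for exactly one label, so *.acmeinc.biz covers neither acmeinc.biz nor a deeper name), and eu.mail.acmeinc.biz is a constructed name.

```python
# Added example: compare planned login hostnames with the names on a certificate.
# Matching follows the usual browser rule (RFC 6125): a wildcard is accepted only
# as the entire left-most label and stands for exactly one label.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.strip().lower().rstrip(".").split(".")

def name_matches(hostname, cert_name):
    """Return True if cert_name (a SAN DNS name) covers hostname."""
    host, pattern = _labels(hostname), _labels(cert_name)
    if len(host) != len(pattern) or "" in host or "" in pattern:
        return False  # different depth, or an empty label
    if any("*" in label for label in pattern[1:]):
        return False  # wildcard anywhere but the left-most label
    if pattern[0] == "*":
        # Require two fixed labels so a name like "*.biz" is never accepted.
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    if "*" in pattern[0]:
        return False  # partial wildcards such as "m*.acmeinc.biz"
    return host == pattern

def uncovered(hostnames, cert_names):
    """Return the hostnames that no name on the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(h, c) for c in cert_names)]

# Constructed sample data built from the article's placeholder names.
SAN_CERT = ["webmail.acmeinc.biz", "mail.betacorp.com",
            "centicorp.email", "finance.foxtrotcorp.org"]
WILDCARD_CERT = ["*.acmeinc.biz"]
PLANNED = ["mail.acmeinc.biz", "webmail.acmeinc.biz",
           "acmeinc.biz", "eu.mail.acmeinc.biz"]

if __name__ == "__main__":
    print("SAN cert does not cover:     ", uncovered(PLANNED, SAN_CERT))
    print("Wildcard cert does not cover:", uncovered(PLANNED, WILDCARD_CERT))
```

Any hostname the check reports as uncovered needs its own SAN entry or a separate certificate before customers are pointed at it.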

Q3: Can I have you install a certificate that is installed on many other servers I own? (For a SAN Certificate)

A3: Yes. Please see the above details and reach out to us at help@opensrs.com, as we would require the private key to be sent to us securely. We will provide instructions for this.


4 Comments

  • QPG, Ltd. Co.

    If "the mail CNAME should not be mapped to any value" what DNS settings should be used for mail.example.com? I'd love to see the various hosted email DNS settings compiled into a succinct and compact table that skips the fluff and assumes that you understand how to use all of the settings. It would be much easier to digest than some of the current pages that require too much scrolling between the useful bits.

  • Mark L.

    Hello,

    Thanks for your comments about the article. The last bit is referencing your customers' domain DNS settings. The CNAME of your white-label SSL domain will continue to point to mail.<domain>.cust.<cluster>.hostedemail.com, but since your customers are now using your white-label domain, they only need to set up an MX record and do not have to worry about setting up a CNAME record.

    I hope this helps! I will forward your suggestions about a succinct DNS article to our documentation team for review. I think this is a great idea!

    Thanks,
    Mark.

  • Tim

    It would be helpful to have the ability to have a cname for our webmail that would then redirect to the default webmail cluster's address so that we don't need to purchase ssl certs and that would force ssl. This is standard practice for google (Google for Work email), network solutions, and godaddy and pretty much most webmail providers.

  • QPG, Ltd. Co.

    I prefer having my SSL certificate installed because it provides assurance to my customers that they are at my site; however, what you describe can be easily accomplished with an HTTP redirect using resources you probably already have.

    Use an A record instead of a CNAME.
    Point it to your server's IP address.
    Set up a permanent redirect from http://webmail.example.com to https://mail.hostedemail.com/ (Substitute the destination appropriate for your cluster as found in https://help.opensrs.com/hc/en-us/articles/204770158 )

    If you use Apache, see the mod_alias documentation for information on how to set up the redirect in your virtual host configuration for webmail.example.com (where example.com is your domain).
