We’ve recently updated the SSL certificates across our shared hosting server fleet, which we’ve found to be resulting in issues for some users of the two above programs which may sometimes no longer allow the user to manually trust SSL certificates that don’t match the mailserver. This appears to affect existing accounts more commonly than new accounts.
What does that mean?
To elaborate further, all of our servers have an SSL certificate installed. This SSL certificate is shared across all users of the server, and registered to the server’s hostname. For the examples below, we will assume the hostname of the server is vmcp39.digitalpacific.com.au.
When you set up email on a device/app, you have four main options of how to go about it:
Option 1:
– SSL security turned on (using your server’s shared SSL certificate, registered to vmcp39.digitalpacific.com.au)
– Using a personalised incoming/outgoing mail server, such as mail.yourcompany.com.au
– Manually telling your mail app to trust the server’s shared SSL certificate even though it is registered for vmcp39.digitalpacific.com.au and doesn’t match your personalised incoming/outgoing server setting of mail.yourcompany.com.au
Option 2:
– SSL security turned on (using your server’s shared SSL certificate, registered to vmcp39.digitalpacific.com.au)
– Using your server’s hostname as the incoming/outgoing mail server, such as vmcp39.digitalpacific.com.au (which matches the registered hostname on the shared SSL certificate)
Option 3:
– Purchase your own custom SSL certificate or use a custom Let’s Encrypt SSL certificate, registered to mail.yourcompany.com.au.
– SSL security turned on (using your own custom SSL certificate)
– Using a personalised incoming/outgoing mail server, such as mail.yourcompany.com.au
Option 4:
– SSL security turned off
– Using a personalised incoming/outgoing mail server, such as mail.yourcompany.com.au
The Problem and Solution
Essentially, Option 1 above sometimes no longer works for Windows Mail and the iPhone Mail app. We therefore are recommending affected users of these two softwares to swap over to Option 2 or Option 3.
We would always advise against Option 4, as it is the least secure option and could potentially allow your emails to be intercepted by unwanted persons between you and the recipient.
