The white labeling solution lets your customers reach webmail over an SSL-protected custom subdomain — for example, webmail.yourdomain.tld — instead of the default OpenSRS hostname. The same custom hostname can be used as the incoming and outgoing mail server in client configurations. This FAQ answers the most common questions about certificates, subdomains, and installation.
How white labeling works
You choose a subdomain (or root domain) on your branded namespace, point its CNAME to the correct OpenSRS cluster, and provide an SSL certificate that covers the hostname. OpenSRS installs the certificate, assigns an IP, and your customers see your brand throughout webmail and mail-client setup.
Can a reseller account have multiple custom SSL subdomains?
Yes, but one subdomain per reseller is recommended. A single hostname reinforces your brand and simplifies support — your staff only ever troubleshoot one entry point. If you do need multiple subdomains, provide either one certificate per subdomain or a single Subject Alternative Name (SAN) certificate that lists every hostname (for example, webmail.yourdomain.tld, mail.yourdomain.tld, finance.yourdomain.tld).
Some certificate vendors allow up to 100 SANs per certificate. Before you go this route, note the following:
- Adding or removing common names from the certificate means a reinstall. The $100 installation fee applies per reinstall.
- End users who inspect the certificate see every SAN listed on it.
- Because an IP is assigned to the certificate, the reverse DNS (PTR) record for that IP resolves to the primary subdomain. Tell OpenSRS Support if you want a different subdomain used in the PTR.
Note: Each common name's CNAME must point to the correct cluster, or browsers will return certificate errors.
Can I provide my own certificate for installation?
Yes. If you already hold a certificate that contains the SAN you want to use, you can supply it for installation. The $100 installation fee applies any time the certificate is reissued and reinstalled. Contact OpenSRS Support to arrange secure transfer of the private key.
If I buy a wildcard certificate, can I have unlimited subdomain logins?
Yes. A wildcard certificate such as *.acmeinc.biz covers any number of single-level subdomains — mail.acmeinc.biz, signin.acmeinc.biz, email.acmeinc.biz, webmail.acmeinc.biz, and so on.
Note: The CNAME for each subdomain must point to the correct cluster to avoid browser certificate errors.
Can the certificate be installed on a root domain?
Yes, you can install the certificate on a root domain such as acmeinc.biz. For this setup, request a Certificate Signing Request (CSR) from OpenSRS and purchase the certificate using that CSR. After installation, OpenSRS sends you an IP address so you can map the root domain to it.
Can OpenSRS install a certificate that is already deployed on other servers I own?
Yes, for SAN certificates that are already in use on your other infrastructure. OpenSRS needs the private key delivered securely — contact Support and we will provide instructions for the secure transfer.
Next steps
- Choose your subdomain strategy — settle on a single branded subdomain, a SAN list, or a wildcard before purchasing a certificate.
- Identify your cluster — confirm the correct CNAME target for your reseller account before publishing DNS.
- Contact OpenSRS Support to begin installation — once you have the certificate (or a CSR request), Support coordinates installation, IP assignment, and any PTR adjustments.
Questions? Contact OpenSRS Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.