Hi All,
There are three things that are checked by the Browser / Mail client when connecting via SSL...
1) The Issuer of the Certificate,
2) The Start / Expiry Date of the Certificate,
3) The "name" on the Certificate.
If the certificate has expired or has not yet come into effect, the client machine will not trust the certificate and will check
every time that you want to continue.
If the "name" on the certificate does not match the servername you are trying to access, (e.g the Certificate is for
www.domain.com and you are going to mail.domain.com) then it will pop up and ask you
every time.
If the Issuer is not trusted, then you
can tell it to install the certificate and it will not ask again.
Basicly, if you want to access the secure email server, and not have the popup every time, you have two options...
1) In the server address, enter hostname.domain.com. this is the default certificate that is created when you install SME. (this certificate will only work for 12Months afetr the first date of installation.
2) Create a new ssl certificate, if you don't know how, I have a document on my server that should help you...
http://www.nsluk.org/ssl.htmWhen you create the certificate, it will ask you for "Your Name" instead enter the server address that you would like to use to connect. e.g mail.domain.com
The only problem that I have found is that if you installed the Secure Email addon BEFORE you created the certificate that Secure Email will continue using the old certificate.
If anyone knows how to make the Secure mail addon update its SSL certificate from the http one.. PLEASE let me know
Hope this was helpful.
4 Replies
1578 Views