Topic: Need assitance with new server setup

[schick]

Greetings from Saskatchewan

I have recently setup a SME box. So far so good. I am encountering things that I expected, as I realize although being used to Linux, I am new to SME.
I need help though.

I have SME set up so that multiple domains will each have email and web services. I have run into a snag. Do I need a separate .pem for every domain I plan to provide email for? I have encountered the following:

My box is called mail.domainONE.com (not really)
-I host domainTWO.com, domainTHREE.com, etc

-I believe the .key and .crt are set for mail.domainONE.com
-I also believe that a .pem is set for mail.domainONE.com

I was testing email for mail.domainTWO.com and encountered certificate errors explainingg that I had a certi mismatch. Basically, it expected domainTWO, but DomainONE was provided.

-Do I need a .pem for each?
-How do I do this?
-As I try to access https for all the domains will I encounter cert erros there too?
-Do I need .key and .crt for each domain.
-I already know how to make .key and .crt files, but I have no idea how to "attach" them to each domain.

Please note that I have looked arounf the forum and have seen numerous references to wildcat domains, but those references seem to suggest that they intend to handle things like www.domain.com, subdomain1.domain.com, subdomain2.domain.com, but not separate domains like a.com, b.com, etc.

I would also like to know how to set Spamassassin to "custom" properly.
I know I can pick a "custom" level in server-manager, but I don't what settings to make after that.
 Searching for spamassassin in the forum provided way too much info.

Lastly, any good links for me out there that describe how to go about creatineg, editing, or understanding templates (templates-custom?)?

Thanks.

[TrevorB]

Lastly, any good links for me out there that describe how to go about creatineg, editing, or understanding templates (templates-custom?)?

http://wiki.contribs.org/SME_Server:Documentation:Technical_Manual:Chapter3

http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual (especially Sections 2 & 4)

Happy Reading

[schick]

Thanks for the links. Very helpfull.

Now if only I can figure out how to have separate keys and certs for separate domains.

[dmay]

Now if only I can figure out how to have separate keys and certs for separate domains.

SME by default supports only one cert. If you want multiple certs for multiple domains you will have to customize this into SME. AFAIK no one has released any contrib to accomplish this yet.

Darrell

[schick]

Thanks for the answer.

That's too bad.

As I understood it, SME was designed to provide an easy method to serve one or more domains. So now my clients will be prompted with popups everythime they login into their email clients, because they are setup to access mail.theirdomain.com, while the certificate is for mail.first domaininstalled.com.

I know that they can import the key to their systems, but frankly that's a pain in the butt for non-technical users.

Thanks again for the answer though. I guess I'll have to really start learning SME tricks and such so I can figure this out. (if it's remotely possible)

[CharlieBrady]

Now if only I can figure out how to have separate keys and certs for separate domains.

SME by default supports only one cert. If you want multiple certs for multiple domains you will have to customize this into SME.

Incorrect. SME does not support more than one IP address Internet facing. You can only support more than one SSL certificate if you have more than one IP address. You cannot use multiple SSL certificates for virtual domains because the certificate must be chosen and used to initiate encryption before the name of the desired domain is known.

This has been asked and answered many times.

[bpivk]

Charlie i have a question....

What about a certificate that adapts to the url you type?

Let's say that user types www.domain.com and server uses domain.com, another user uses domain1.com and he gets a domain1.com certificate (similar to the way sme certificate works by using $ domainname parameter).

I have seen some discussion about that but i don't know where (i suspect the bugtracker ).

Could this be done or would you have to recreate the certificate if you wanted to do something like that (and that would be just what sme is doing atm so it wouldn't be anything new).

[CharlieBrady]

What about a certificate that adapts to the url you type?

The sequence of events is:

- the browser connects to the server
- the client and server negotiate SSL, using the (one) certificate which the server has
- the browser hands over the URL it is interested in, via the now encrypted connection

As you can see, there's *no* possibility to use a different certificate for different URLs.

[dmay]

Google for multiple-domain certificates. Here is one:

http://www.positivessl.com/ssl-certificate-products/ssl/multi-domain-ssl-certificate.html

Code: [Select]

Through a single certificate you can secure up to 100 fully qualified domains or websites on a single IP address.

For example, one Multi-Domain Certificate for a single IP address can be used for:

    * https://secure.website1.com
    * https://secure.website1.co.uk
    * https://www.website.com
    * https://secure.website2.com
    * https://login.website2.com
    * https://any-domain.any-tld

Darrell

[boss_hog]

Howdy all,
I checked out the site Darrell linked to.
It seems a little confusing.

Google for multiple-domain certificates. Here is one:

http://www.positivessl.com/ssl-certificate-products/ssl/multi-domain-ssl-certificate.html
....
Darrell

At the bottom of the linked page is this:

Code: [Select]


Notes

** Both IIS and Apache based web servers support the MDC when used in a 'standard' hosting environment where each site has its own unique external IP - administrators will benefit from the convenience of using a single certificate to secure all their domains and enjoy a reduced price per domain over single certificates.....


This appears to mean each site needs its own external IP address(?).
IIRC, this is the bottom line problem with SSL-certs and shared hosting
 on single external IP.
Input??
Joe

[schick]

Thanks for the feedback guys.