Koozali.org: home of the SME Server

My site is blocked on IE7 because of certificate

Offline calisun

My site is blocked on IE7 because of certificate
« on: April 16, 2008, 11:06:14 PM »
I use firefox myself, so I was unaware of the issues users have that use IE7 when connecting to webmail.

In Firefox I get a message that there is a certificate mismatch, but I have a button that lets me allow that certificate permanently.
But in IE7, users get a nasty message that this site is not what it is supposed to be, and users are given a choice: Leave this site (recommended) or enter the site (Not recommended). And they get this message every time they try to enter; there is no way to "always allow" like in Firefox. And when they enter, the URL is highlighted in nasty red.

Why are our certificates giving this problem? I could see having a certificate message that the certificate was not issued by a recognized agency. But the message we get is that the certificate issued does not match the domain, but we have only one domain at this particular location/server.
 
SME user and community member since 2005.
Want to install Wordpress in iBay of SME Server?
See my step-by-step How-To wiki here:
http://wiki.contribs.org/Wordpress_Multisite

Offline judgej

Re: My site is blocked on IE7 because of certificate
« Reply #1 on: April 17, 2008, 03:15:00 AM »
SME server creates one certificate for one domain. Check the domain that Firefox says the cert is for, and you will probably find the end users are not using it.

For example, if your machine is called 'sme' on the domain 'example.com', then the *single* cert will match only the domain sme.example.com. If you try to access https://www.example.com/ then the cert will be in error. The same problem occurs if accessing IMAPS, POPS or SMTPS using a domain other than that in the cert. For example, using mail.example.com would seem logical, but you get a cert error if the cert is actually registered against www.example.com, so your e-mail client should use the less-intuitive www.example.com.

What you probably need to do is to create additional certs for each domain the users will be visiting.

There is a little bit about custom certs here: http://wiki.contribs.org/Certificate but I've never seen a HOWTO on adding multiple certs.

I wonder if SME Server should be creating multiple self-signed certs by default, for a range of domains, www-, mail-, pop-, etc.?


Oh, and IE7? Completely unnecessary scary-tactics, requiring five mouse clicks and ignoring of dire warnings to get around it. It's just silly, but I guess it was put in to help ease us into the wonderful world of Vista.
« Last Edit: April 17, 2008, 03:16:38 AM by judgej »
-- Jason
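
The mismatch described in the reply above, as an added example that is not part of the thread or of SME Server: it checks which hostnames clients use are covered by a certificate's names, using the usual matching rule (exact match, or a `*` standing for exactly one left-most label). All certificate names and hostnames are constructed from the thread's example.com scenario.

```python
# Added example: certificate names and client hostnames are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name covers hostname.

    Comparison is case-insensitive. A '*' is honoured only as the whole
    left-most label and stands for exactly one label, so '*.example.com'
    covers 'www.example.com' but not 'example.com' or 'a.b.example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as '*.com'.
        if len(p) < 3:
            return False
        return p[1:] == h[1:] and h[0] != ""
    return p == h


def audit(cert_names, hostnames_in_use):
    """Map each hostname clients use to True (covered) or False (mismatch)."""
    return {host: any(name_matches(n, host) for n in cert_names)
            for host in hostnames_in_use}


def missing_names(cert_names, hostnames_in_use):
    """Hostnames that trigger a mismatch warning with this certificate."""
    result = audit(cert_names, hostnames_in_use)
    return sorted(host for host, ok in result.items() if not ok)


# Constructed certificates: one name only, several names, and a wildcard.
SINGLE_NAME_CERT = ["sme.example.com"]
MULTI_NAME_CERT = ["sme.example.com", "www.example.com", "mail.example.com"]
WILDCARD_CERT = ["*.example.com"]
# Constructed hostnames that browsers and mail clients are pointed at.
CLIENT_HOSTNAMES = ["sme.example.com", "www.example.com",
                    "mail.example.com", "example.com"]

if __name__ == "__main__":
    for label, names in [("single", SINGLE_NAME_CERT),
                         ("multi", MULTI_NAME_CERT),
                         ("wildcard", WILDCARD_CERT)]:
        print(label, "-> mismatch for:", missing_names(names, CLIENT_HOSTNAMES))
```
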

Offline imcintyre

Re: My site is blocked on IE7 because of certificate
« Reply #2 on: April 17, 2008, 05:20:46 AM »
I and others had trouble getting to my site, when using IE7, beyond the unnecessary scare tactics.

I did 2 things to resolve, unfortunately all on the client side. The first was to allow cookies to my site and the second was to delete the browsing history.

Hope this helps.