Topic: Certificate contrib questions

[tviles]

Which contrib do I use so that when local users on sme server network go to webmail they will not get the certificate error page using IE. Or maybe I just need a link to better understand certificates. This particular network does not allow any public access to Ibays, ftp, etc. Going into Horde mainly to look at a shared calendar.

 

[cactus]

Which contrib do I use so that when local users on sme server network go to webmail they will not get the certificate error page using IE. Or maybe I just need a link to better understand certificates. This particular network does not allow any public access to Ibays, ftp, etc. Going into Horde mainly to look at a shared calendar.

No contrib. Buy a cheap certificate signed by a certificate authority trusted by your OS by default (many can be found using Google) or manually install the certificate on your clients which will save them being prompted.

[tviles]

Sorry don't know why I am struggling so much with this. By doing this it would tell my clients that they have actually made it to the right destination on their local network? I see a Go Daddy certified domain for 2.99 a year am I on the right track? But that will still stop them and ask for their certificate? That is why you are telling me to install it on each client correct?

[mercyh]

I see a Go Daddy certified domain for 2.99 a year am I on the right track?

No

You need to google "security certificate" and learn what they are. Here is a short and simple article:

http://www.christian-web-masters.com/articles/web_security-certificate.html

and some information on how to manipulate them in SME:

http://wiki.contribs.org/Certificates_signed_by_own_CA

http://wiki.contribs.org/Custom_CA_Certificate

[tviles]

OK I understand now the function of a certificate. I will try the first contrib you suggested I have been looking at that one and think I can do that. I have to figure out how to edit that file. (openssl.cnf) I do know how to VPN in then use putty and login as root and get to that dir. I just have to read more about some way to edit it.
tar to linux is like pkzip to windows I think. So I hope SME can un tar it.
 

[mercyh]

If you only have one server, I don't see how that will help you. You will still have to accept the root certificate on each of the clients.

SME should only renew it's default certificate once a year (or if the system name changes) so if you only have one server, just add it's certificate to your browser's trusted certificates and you should not get the error for a year. If you have too many machines to manually add the cert to each one, your best bet is to purchase a certificate from a company that has a valid root certificate already installed on your machines and you would never see the invalid certificate screen again.

[tviles]

Just a comment here and this is not a huge issue. I can download and install the SME certificate into trusted folder within IE. I still get asked when I go into the webmail if this is OK - I click yes and when I get into webmail the title bar in IE still shows certificate error.

[janet]

tviles

Access your browser using
https://servername.domainname.com/webmail
and install the certificate into your browser the first time you are asked.
If you use Outlook Express, then install the certificate into Internet Explorer so OE will be happy with it.

[tviles]

That did it! Thanks. I was not using proper link to get in I guess. I was using www.XXXX.local/webmail
Now using https://servername.domain.local/webmail I go right in with the padlock showing on top bar.

[janet]

tviles

I was not using proper link to get in I guess. I was using www.XXXX.local/webmail
Now using https://servername.domain.local/webmail I go right in with the padlock showing on top bar.

The original link you used was different to the self signed certificate details, so therefore the "error".