Koozali.org: home of the SME Server

PORT 443 PASS THROUGH

Offline billmakr

« on: January 13, 2011, 10:58:20 PM »
I have a webserver behind my SME v7.5.1 that is listening on port 443. I have installed my Thawte cert files on that server. I set up a port forward on the SME to forward port 443 to the internal webserver where the Thawte certificate is installed. When a user comes to my site, he gets the self-signed cert on the SME server instead of being cleanly passed to the port-forwarded redirect. This causes an error in the browsers. If the user accepts the self-signed cert and is passed through, my Thawte verify works OK. I need a way to make the SME pass this through cleanly. Please help. I would also like to enable http webmail only.

Thanks in advance for any help offered

Offline cactus

Re: PORT 443 PASS THROUGH
« Reply #1 on: January 14, 2011, 07:09:59 AM »
> Thanks in advance for any help offered

Security-wise this is a very bad decision, as using the http protocol means that passwords are not encrypted when they are transferred between client and server, making it easy for hackers to intercept the password. When using https this is encrypted.

BTW, why do you not just install the certificate on your SME Server?
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline billmakr

« Reply #2 on: January 15, 2011, 12:36:28 PM »
The certificate was already configured on the webserver when a monowall router only was my gatekeeper. I could redirect the 443 port where I wanted. I intended to use SME as the gateway so I could make use of the other options. I would think that if you port forwarded 443 in the SME it would forward the port. I do not want to be forced to continue to use both the monowall and the SME. I saw the posts about security on non-https webmail, but that decision should be left to the user rather than arbitrarily decided by one who may not be aware of the end user requirements. The return of the simple choice menu which was included in earlier releases, allowing http or http/https or disabled, would be welcome. One last comment regarding installing the SSL certificate on the SME: a simple routine to implement this, like a panel choice, would be a good suggestion for a feature/contrib option. Almost all other servers have a simple bat/scp file that asks the questions and creates the file, with another that takes the cert file and installs it in the correct places. For a non-Linux user, the how-to instructions are confusing and leave a lot of room for error. Please do not assume I am bashing SME. I admire and appreciate all those who have donated their time and expertise.

Offline cactus

« Reply #3 on: January 15, 2011, 02:22:46 PM »
> I would think that if you port forwarded 443 in the SME it would forward the port. I do not want to be forced to continue to use both the monowall and the SME.

That would also render your server-manager inaccessible IMHO as that is also served over https (only).

> Please do not assume I am bashing SME.

I don't think you are. :-)

Offline billmakr

« Reply #4 on: January 16, 2011, 03:04:24 AM »
Thank you for your assistance. I see that there are now too many processes based on https being used by the SME to be a simple port redirect. Perhaps you would be kind enough to offer guidance in the moving of the certificate from the back end server to the SME. Can one just move the certificate files to the SME server in the correct places even if the certificates were generated on a different server? If so, then that would be the best solution.