Koozali.org: home of the SME Server

SSL for each domain

Offline igloosys

SSL for each domain
« on: December 27, 2014, 05:59:11 AM »
Hi, I saw a contrib on managing SSL certificates, http://wiki.contribs.org/Certificate_ssl_management, and also this link: http://wiki.contribs.org/Certificates_Concepts

I have 3 domains set up on a server running SME 8.1. Whenever an email client such as Outlook 2010/2013, Windows Live Mail or Thunderbird starts, there is a prompt that states the certificate is not verified and blah blah. It used to be fine as I imported the certificate into the computer, but over time this step no longer works.

I was wondering whether adding a CA-signed certificate that supports multiple domains would remove this prompt.

http://wiki.contribs.org/Certificates_Concepts and under this section,
Problem with email client
Also if using the self signed certificate, instead of configuring your email client to use say mail.yourdomain.com for sending and receiving mail server names, then change that to servername.yourdomain.com, and that way the email client will not create a warning/error each time you access the mail system on your server ie by clicking the Send/Receive button in the email client ie the certificate name will match the requested server name.
I tried that; it doesn't work, as the certificate is actually *.domain.com

Am I missing something here?  :sad:

Offline stephdl

Re: SSL for each domain
« Reply #1 on: December 27, 2014, 10:39:23 AM »
The contrib is just here to make your life easier; you have to use a certificate that supports multiple domains if you really don't want to see warnings. However, you can also customise your certificate (of course it is valid for one domain).

For example (I don't have a static IP):

My main SME domain is de-labrusse.xx
My dynamic DNS is stephdl.xxxx.xx
The SME certificate is of course hostname.de-labrusse.xx

I use the dynamic domain for reaching my server on the internet, and of course you will have warnings.
If you use stephdl.xxxx.xx, you will have a warning that the certificate is hostname.de-labrusse.xx and it doesn't match,
but if you set a different common name which matches the dynamic DNS name, there are no more warnings if you use the common name for reaching your server.
http://wiki.contribs.org/Certificate#How_to_change_your_certificate

When I speak about no more warnings, of course, as it is a self-signed certificate, you have a non-trusted warning.
See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!
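
The name-mismatch half of the warning discussed in this thread, as an added example that is not part of the original posts and is not SME Server code: a simplified RFC 6125-style matcher that lists which configured mail server names a certificate does not cover. All host and domain names are constructed placeholders, and the function names are hypothetical.

```python
# Added example: simplified RFC 6125-style host name matching.
# Every name below is a constructed placeholder, not taken from the thread.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate name (CN or SAN entry) covers host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Honour a wildcard only as the whole left-most label, and only
        # when at least two fixed labels follow it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels  # partial wildcards are treated as literals


def uncovered(cert_names, client_hosts):
    """Hosts that would trigger a name-mismatch warning with this certificate."""
    return [h for h in client_hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Server names the mail clients are configured with, one per hosted domain.
CLIENT_HOSTS = [
    "mail.domain1.example",
    "mail.domain2.example",
    "mail.domain3.example",
]

# Certificate A: a single wildcard name for the primary domain only.
WILDCARD_CERT = ["*.domain1.example"]

# Certificate B: a multi-domain certificate listing every name in use.
MULTI_DOMAIN_CERT = [
    "mail.domain1.example",
    "mail.domain2.example",
    "mail.domain3.example",
]

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT),
                         ("multi-domain", MULTI_DOMAIN_CERT)):
        missing = uncovered(names, CLIENT_HOSTS)
        print(f"{label}: mismatch for {missing or 'none'}")
```

This checks names only; whether the client trusts the issuer is a separate check, which is why a self-signed certificate with matching names still produces the non-trusted warning mentioned above.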