Topic: Security Certificate for Mail

[Bud]

guys i know that this has been discussed and i have read the " how to setup email for sme 8 "

my problem is that i have many elderly users on the lan and wan and they are complaining as to why they need to click on yes to accept the security certificate for outlook 2007 - outlook 2013

the users do not want the little security box asking them to accept the certificate

how can i get around the problem?

[guest22]

how can i get around the problem?

Meaning the question of outlook to accept the security certificate pops up every time the users start outlook?

[Stefano]

I think this can help you:

http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx

[Knuddi]

Well, the real solution is to buy a SSL certificate. RapidSSL costs only ~49$ / year and eliminates the problem nicely.

[Gary Douglas]

Namecheap do Comodo Positive SSL certs for $9 /yr.

[DanB35]

...or startssl.com does them for free.  Or letsencrypt.com will also do them for free when they go live in a few weeks, and will also include multiple hostnames (www.yourdomain.tld, mail.yourdomain.tld, www.yourotherdomain.tld) in the certificate.

[Knuddi]

Just tried out the StartSSL and even though their interface is a little old fashioned, then I now have a working certificate for my mail server. Now all family do not need to have to "accept certificate" when startig Outlook - Nice.

You can only have a single hostname for free and not wildcards, but for mail that is still perfect.

[georgios]

I think this can help you:

http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx

This what I do for Outlook Clients, you have to import manually for each PC the default SSL of the SME Server with the MMC console.

For information, Thunderbid manages better the IMAPS connections, it keep all the emails in cache.

[janet]

Knuddi & all

You can only have a single hostname for free and not wildcards, but for mail that is still perfect.

Well if you set the CommonName db setting so that your server common name is say
www.mydomain.com
Then purchase/obtain a certificate for www.mydomain.com
Then install the certificate onto your SME server for that domain

Then configure the mail clients to use server hostnames of www.mydomain.com for SMTP & IMAPS.
So you end up with a certificate domain name that is recognised by mail clients & recognosed by https access, so the one certificate covers all, less need for wildcards then, unless you want to use a whole lot of subdomains, but free or cheap certificates are not so appropriate in that circumstance anyway.

Refer Email FAQ & Email Howto etc or search the Forums on CommonName

Edit:
Here it is:
config setprop modSSL CommonName www.mydomain.com
expand-template /home/e-smith/ssl.key/key
expand-template /home/e-smith/ssl.crt/crt
signal-event post-upgrade
signal-event reboot