Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: spook on February 11, 2006, 11:39:21 AM
-
Whenever I check my mail on my SME server, I get a warning in Thunderbird that the name on the certificate supplied by my server doesn't match the name of the server that I am connecting to, and that someone might be trying to snag the traffic between me and my server.
The trouble is that the certificate from the server says that the server is called server.gutaarn.dk, which is correct, but to get my mail, I just type in "gutaarn.dk" as both smtp and pop3 server. It works, I get all my mails (twice, but that's another thread), but every time Thunderbird connects to the server, I get the annoying message. Is there some way I can change the certificate supplied by the server, so it just says "gutaarn.dk" instead of "server.gutaarn.dk"?
-
Hi spook,
Yes you can change the certificate using this (http://no.longer.valid/phpwiki/index.php?pagename=Creating%20SSL%20Certificates) howto.
Or you could try setting pop3 and smtp to the name on the certificate e.g. server.gutaarn.dk and see if it works.
I'd try the second option first as it is the least troublesome. Hope this helps!
Regards,
Jan
-
A word of warning if you are creating your own self signed certificates.
If you create the certs with a pass phrase, while more secure, you will however have to input that pass phrase every time httpd restarts.
This means that a reboot will stop until you have entered the pass phrase. This is not very handy if the server is remote or in the basement and running headless, i.e. no monitor and keyboard.
In this situation it is better to create the cert without pass phrase.
Jon
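
Added example, not part of the original thread and not the howto linked above: generic OpenSSL commands that create a self-signed certificate without a pass phrase, covering both names from the question, and then check which hostnames a client could use without a mismatch warning. It assumes OpenSSL 1.1.1 or newer (for -addext); the file names and function names are hypothetical, and this is not SME Server's own certificate tooling.

```shell
#!/bin/sh
# Added example: generic OpenSSL commands, not SME Server's own tooling.
# Assumes OpenSSL 1.1.1 or newer (for -addext); file names are hypothetical.

# make_cert DIR: write DIR/key.pem and DIR/cert.pem, a self-signed certificate
# valid for both names used in the thread. -nodes leaves the key unencrypted,
# so the daemon can start unattended; umask 077 keeps the key file owner-only,
# which is the only protection an unencrypted key has.
make_cert() {
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$1/key.pem" -out "$1/cert.pem" \
            -subj "/CN=gutaarn.dk" \
            -addext "subjectAltName=DNS:gutaarn.dk,DNS:server.gutaarn.dk" \
            2>/dev/null
    )
}

# host_matches CERT NAME: succeed only if NAME is covered by CERT.
# "openssl x509 -checkhost" prints "does match" or "does NOT match".
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# key_is_encrypted KEY: succeed if the PEM key is pass-phrase protected.
key_is_encrypted() {
    grep -q "ENCRYPTED" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir" || return 1
    for name in gutaarn.dk server.gutaarn.dk mail.gutaarn.dk; do
        if host_matches "$dir/cert.pem" "$name"; then
            echo "$name: matches"
        else
            echo "$name: MISMATCH (mail client would warn)"
        fi
    done
    if key_is_encrypted "$dir/key.pem"; then
        echo "key needs a pass phrase at every service start"
    else
        echo "key has no pass phrase"
    fi
    rm -rf "$dir"
}
demo
```

A name that is not listed in the certificate, such as mail.gutaarn.dk here, still produces the mismatch, so the certificate has to list every name the mail clients are configured with.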
-
Try renaming your server from whatever you named it to www and reboot.
After that, go into /var/log/httpd/ssl_engine_log and empty it,
then log in to your site with https
and see the log after that. It worked for me.
Jan
Just to prove it:
[14/Feb/2006 12:55:49 02176] [info] Server: Apache/1.3.27, Interface: mod_ssl/2.8.12, Library: OpenSSL/0.9.6b
[14/Feb/2006 12:55:49 02176] [info] Init: 1st startup round (still not detached)
[14/Feb/2006 12:55:49 02176] [info] Init: Initializing OpenSSL library
[14/Feb/2006 12:55:49 02176] [info] Init: Loading certificate & private key of SSL-aware server www.design.jm-data.dk:443
[14/Feb/2006 12:55:49 02176] [info] Init: Seeding PRNG with 512 bytes of entropy
[14/Feb/2006 12:55:49 02176] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[14/Feb/2006 12:55:49 02176] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[14/Feb/2006 12:55:50 02177] [info] Init: 2nd startup round (already detached)
[14/Feb/2006 12:55:50 02177] [info] Init: Reinitializing OpenSSL library
[14/Feb/2006 12:55:50 02177] [info] Init: Seeding PRNG with 512 bytes of entropy
[14/Feb/2006 12:55:50 02177] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[14/Feb/2006 12:55:50 02177] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[14/Feb/2006 12:55:50 02177] [info] Init: Initializing (virtual) servers for SSL
[14/Feb/2006 12:55:50 02177] [info] Init: Configuring server www.design.jm-data.dk:443 for SSL protocol
[14/Feb/2006 12:55:50 02177] [warn] Init: (www.design.jm-data.dk:443) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[14/Feb/2006 12:56:43 02181] [info] Connection to child 1 established (server www.design.jm-data.dk:443, client 90.0.0.1)
[14/Feb/2006 12:56:43 02181] [info] Seeding PRNG with 1160 bytes of entropy
[14/Feb/2006 12:56:43 02181] [info] Connection: Client IP: 90.0.0.1, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[14/Feb/2006 12:56:43 02181] [info] Initial (No.1) HTTPS request received for child 1 (server www.design.jm-data.dk:443)
[14/Feb/2006 12:56:43 02181] [info] Connection to child 1 closed with unclean shutdown (server www.design.jm-data.dk:443, client 90.0.0.1)
[14/Feb/2006 12:57:04 02182] [info] Connection to child 2 established (server www.design.jm-data.dk:443, client 90.0.0.1)
-
Just edit a little
Jan :hammer:
-
Wow, I'm not so sure that's a good idea Jan. My hosted sites crapped out after doing this, I renamed the server back, now all is well.
-
Sorry for that.
I don't have any hosted sites, so I didn't know that.
What version do you use?
Mine was v.6 at that time;
now I use 7.0.rc1.
Jan
-
7.0rc1. What broke was Joomla!; it was giving MySQL errors.
-
Quote from spook: I just type in "gutaarn.dk" as both smtp and pop3 server.
Should it be mail.gutaarn.dk ... that's the default, I'm sure ... have a look at your "Review configuration" page in server-manager and see what is next to SMTP, POP, and IMAP mail servers.
Also, if you have played around with the domain name a few times, you may want to open Thunderbird and go into Tools, Privacy, Security tab and view certificates ... under the website tab you may want to delete the certificate and let it re-setup the cert.
I had this a few times while playing around with domains etc.
Regards,
Tib