Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: etmrugl on February 07, 2009, 10:10:13 PM

Title: Certificate error from local LAN on server-manager [SOLVED]
Post by: etmrugl on February 07, 2009, 10:10:13 PM: when I try to access the server-manager through:
https://localserver/server-manager
Internet Explorer 7 complains about a Certificate error, to be more specific "Mismatched Address" , The security certificate presented by this website was issued for a different website's address.

When I view the certificate it is issued for localserver.mydomain.net. If I go to the server-manager by typing https://localserver.mydomain.net/server-manager IE says: cannot display the webpage.

I have the same issue with https://www.mydomain.net/webmail if I access it from my local LAN.

Does anyone has a clue how to solve this? I searched all day, but with no luck. Running SME Server 7.4

BR, Ruud
Title: Re: Certificate error from local LAN on server-manager
Post by: Craig Cabrey on February 07, 2009, 11:05:04 PM: Does the DNS server properly resolve 'localserver.mydomain.net'? In other words, does that address resolve to the correct IP or not at all?
Title: Re: Certificate error from local LAN on server-manager
Post by: cactus on February 07, 2009, 11:14:52 PM: Quote from: etmrugl on February 07, 2009, 10:10:13 PM
Does anyone has a clue how to solve this? I searched all day, but with no luck. Running SME Server 7.4
Most likley because SME Server uses a so-called self-signed certificate, which is not signed by any major trusted party build in in your OS. Is there no option to accept the certificate or pass this, I am unfamiliar with latest IE's, but I believe older ones, as well as all Firefox browsers have a option to still accept the certificate. Most of the times the clue/link for accepting the certificate is somewhere in small print on the error page.

If you accepted this in the past it might be that the certificate changed and you will need to delete the trust with the old one and accept the new one.
Title: Re: Certificate error from local LAN on server-manager
Post by: etmrugl on February 07, 2009, 11:28:53 PM: DNS:

nslookup localserver will resolve to the correct internal IP address
nslookup localserver.mydomain.net : can't find / Non-existant domain.
Title: Re: Certificate error from local LAN on server-manager
Post by: etmrugl on February 07, 2009, 11:33:33 PM: Hi Cactus,

the issue is not about accepting certificates, but about mismatched addresses. In my webbrowser I point to https://localserver/server-manager and the certificate says localserver.mydomain.net. IE does not accept that.
Title: Re: Certificate error from local LAN on server-manager
Post by: etmrugl on February 08, 2009, 12:35:31 AM: If I set the CommonName to 'localserver' the server-manager from within the local LAN will work without certificate error, but then the webmail from the outsite will NOT work without ceritificate error.
So it seems that there should be 2 directions for a solution:

1. use internally 'localhost.mydomain.net/server-manager'
(which currently doesn't work on my server)

2. use a certificate that both serves 'localhost' and 'www.mydomain.net'
(and I don't how to get that working)
does anyone has an idea?
Title: Re: Certificate error from local LAN on server-manager
Post by: p-jones on February 08, 2009, 10:55:02 AM: Etmrugl

I am not sure if I am understanding your problem.

Have you tried to flush your DNS cache on your workstation ? (ipconfig /flushdns) or by doing a repair on the network connection then repeating your eforts ?
Title: Re: Certificate error from local LAN on server-manager [SOLVED]
Post by: etmrugl on February 08, 2009, 11:33:12 AM: I found the problem:
On my workstation I used the ADSL-modem/router as DNS server. As soon as I started to use the sme server as preferred DNS server, everything worked fine.