Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: Jáder on July 30, 2013, 12:49:40 PM
-
Hi
I just discovered GoDaddy SSL cert for US$6 and bought one!
I wanna to use SSL cert to get e-mail and webmail ok w/o boring warning about certificate not trusted.
I use mail.mydomain.com as mail server configurated on all clients (mobiles , tablets, thunderbird, ...)
Issue SSL using this as source: http://wiki.contribs.org/Custom_CA_Certificate
It appears to be working BUT
As I have my server named after an animal (tiger, eagle, ...) as eagle.mydomain.com and
I got a certificate for mydomain.com
so if I go to
https://mail.mydomain.com/webmail it not trusted (wrong hostname!),
so I can change it to
https://mydomain.com/webmail
but all clients (Thunderbird) are configurated to use mail.mydomain.com as send/receive server
so I have problems and would like to listen someone more experient about this!
Questions/doubts:
1) Could I create a CNAME alias from mail to @ (@ it´s an A rec and points to valid IP ) ?
2) Should I generate the SSL cert using another hostname?
(I remember to read somewhere mail is not a valid hostname!)?
3) Should I change the way I configure something on SME or on DNS (zoneedit or dyndns on most of them)
Thanks to ANY tip/light on this.
Regards
Jáder
-
jader
...but all clients (Thunderbird) are configurated to use mail.mydomain.com as send/receive server
Use https://mydomain.com/webmail as that matches the certificate
and
Configure the mail clients to use mydomain.com, & your certificate will be usable as it is.
-
Hi Janet
Yes, I could do that, but requires changes on all clients and I really love use mail.mydomain.com as servername! ;)
Do you know if :
1) there are any DNS way to redirect mail.mydomain.com to mydomain.com
2) I can/should change next certificate (to next or same server) to anything else?
3) shouldn´t the script read CommonName from modSSL and create certificate with that? Or can it be done?
4) what should I use as hostname to next SSL certificate from GoDaddy? maybe eagle.mydomain.com ?
Regards
Jáder
-
jader
Yes, I could do that, but requires changes on all clients and I really love use mail.mydomain.com as servername!
Then you would use mail.mydomain.com when you order your new certificate.
Your whole server would then need to be addressed as https://mail.mydomain.com
and mail.mydomain.com is what you would put in your mail clients for incoming & outgoing server name.
You can use whatever domain name you want, but the certificate needs to match the domain name being used.
No need to redirect, as using mydomain.com on your server already allows the server to respond to mail.mydomain.com, the problem is the browser/mail client will give errors if the way you address your server & your server domain do not match the certificate (for secure mail or https connections).
I think you should just keep things simple and use mydomain.com for everything, you gain nothing except vanity by using mail.mydomain.com
-
It will not hurt nobody to make a A name for your IP with mail.mydomanin.com which will point to the same mydomain.com
from my knowledge in mail clients this is only to get the the IP
then you need to have the reverse IP exact the same as the name of the server
-
jader
Then you would use mail.mydomain.com when you order your new certificate.
right... thanks.
It was my first time ordering a SSL cert... I just used the script on wiki page.
I think you should just keep things simple and use mydomain.com for everything, you gain nothing except vanity by using mail.mydomain.com
I think it´s more than vanity... but it´s some time of vanity. :$
If I host my web pages outside server then www.mydomain.com and mydomain.com normally should point to same server/IP and this would be the external one. But mail.mydomain.com is allways my server because I wanna to use it as mail server.
If I have mail outside server (gmail?) I should create a hostname office.mydomain.com so to know how to change/use hostname is usefull for both situations.
I think I´ll try to generate new certificate using CommonName as specified on db database of SME.
I´ll let you know about any progress.
Thank you so far!
Regards
Jáder