Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: detlevp on June 27, 2014, 01:17:42 PM

Title: certificate problem in Browser and Mailclients
Post by: detlevp on June 27, 2014, 01:17:42 PM

Hello,
I have installed a certificate on the SME server according to these instructions (http://wiki.contribs.org/Custom_CA_Certificate). Unfortunately I get still in all browsers and mail clients a certificate error. Is there possibly another solution proposal so that the annoying confirmation will be invisible?

Regards Detlev

Title: Re: certificate problem in Browser and Mailclients
Post by: Stefano on June 27, 2014, 01:25:51 PM

you should tell us the error message you have "in all browsers and mail clients"..
are you sure the new certificate has been imported in the clients?
what email client are you talking about? outlook?

Title: Re: certificate problem in Browser and Mailclients
Post by: Daniel B. on June 27, 2014, 01:27:56 PM

This page is about creating a certificate signed by CACert, you have to import the CACert root certificate in your trusted keystore to remove the warning (this operation is different for each devices and OS, so, no simple instructions).
If you really want to have remove the SSL warning without having to manually import a trusted CA, you have to get a certificate from a certificate vendor. You can try startssl for example, which signs certificates for free (single domain)

Title: Re: certificate problem in Browser and Mailclients
Post by: janet on June 27, 2014, 10:05:57 PM

detlevp

Quote

...you have to import the CACert root certificate in your trusted keystore to remove the warning (this operation is different for each devices and OS, so, no simple instructions)

This is mentioned in the Howto
http://wiki.contribs.org/Custom_CA_Certificate
very near the end:
"Once you have created/installed this certificate then if the client has the cacert.org root certificate installed then they should be able to go to any domain on your box and not get a warning."

So that means each devices email client/browser/OS must install the cacert.org root certificate.
Godaddy is another cheap alternative for certificates, that automatically has root certificates installed in browsers etc, as long as the device is kept up to date.

Title: Re: certificate problem in Browser and Mailclients
Post by: detlevp on June 30, 2014, 01:02:36 AM

Hi Janet,

Quote from: janet on June 27, 2014, 10:05:57 PM

detlevp

This is mentioned in the Howto
http://wiki.contribs.org/Custom_CA_Certificate

I have install exact at this Howto. Only, i miss understood the part with you might have to add an Intermediate certificate from the SSL authority. Where come the {CA}.crt?

Quote from: janet on June 27, 2014, 10:05:57 PM

very near the end:
"Once you have created/installed this certificate then if the client has the cacert.org root certificate installed then they should be able to go to any domain on your box and not get a warning."

So that means each devices email client/browser/OS must install the cacert.org root certificate.
Godaddy is another cheap alternative for certificates, that automatically has root certificates installed in browsers etc, as long as the device is kept up to date.

o.K. this is a good tipp, I want to test this. Many Thanks

Regards Detlev