Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: piero on September 07, 2014, 02:20:25 PM

Title: Authorize the certificate sme8 as reliable (chromium / Linux) (solved)
Post by: piero on September 07, 2014, 02:20:25 PM

Hi everyone

I would like to remove the warning message of chromium when customers connects in the webmail of sme8. The Sme8 server and the customers are in the LAN, the customers use chromium under ubuntu to connect in the webmail

The certutil commmand does not work for sme8 (but it works for others server in the LAN in https)

Code: [Select]

openssl s_client -connect sme8:443 -showcerts > sme8.crt
certutil -d sql:$HOME/.pki/nssdb -A -t CP,,C -n "sme8" -i sme8.crt
The ping and the opening of the page https://sme8/webmail works
SME Server 8.1
chromium 37

Thanks in Advance,

Title: Re: Authorize the certificate sme8 as reliable (chromium / Linux)
Post by: Stefano on September 08, 2014, 05:41:30 PM

Hi Piero, welcome here

in my experience, if you use the FQDN of the server, you should get the certificate alert only on the first time..
this doesn't happen if you use
https://server_ip/webmail (https://server_ip/webmail)

or

https://servername/webmail (https://servername/webmail)

try and let us know

BTW, are you from italy? if so, please come to italian language forum too, thank you

Title: Re: Authorize the certificate sme8 as reliable (chromium / Linux)
Post by: piero on September 12, 2014, 08:20:47 AM

Hi stefano, thank you for the welcome

Quote from: Stefano on September 08, 2014, 05:41:30 PM

in my experience, if you use the FQDN of the server, you should get the certificate alert only on the first time..

With mozilla firefox, it works. (with IP or FQDN)
But with chromium (on linux) , there is a warning message in every restart (and the passwords are not registered)

Apparently, it is necessary to make some manipulation under Linux to accept Self-signed certificate. It works with one of my servers (proxmox ) but not with sme (see https://code.google.com/p/chromium/wiki/LinuxCertManagement)
sme server and customers are in the local area

BTW, I come from France.

Title: Re: Authorize the certificate sme8 as reliable (chromium / Linux)
Post by: Stefano on September 12, 2014, 11:22:28 AM

I would suggest you ro read:

http://wiki.contribs.org/Certificate
http://wiki.contribs.org/Certificates_Concepts

and to get a certificate from http://www.startssl.com for free..

HTH

Title: Re: Authorize the certificate sme8 as reliable (chromium / Linux)
Post by: stephdl on September 12, 2014, 12:57:14 PM

http://wiki.contribs.org/Certificate_ssl_management

A contrib to give easier the certificate management

Title: Re: Authorize the certificate sme8 as reliable (chromium / Linux)
Post by: piero on September 14, 2014, 12:58:47 PM

I think I realized my mistake (of beginner)
the sme server is in the lan, and it is only used to get back e-mails on an external server (with smeserver-fetchmail).
I accessed with https://sme instead of https://sme.domaine
your links help me to understand my mistake
Sorry, that's a rookie mistake

thank you for your feedback