Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: Bud on October 28, 2015, 06:11:56 AM

Title: Security Certificate for Mail
Post by: Bud on October 28, 2015, 06:11:56 AM

guys i know that this has been discussed and i have read the " how to setup email for sme 8 "

my problem is that i have many elderly users on the lan and wan and they are complaining as to why they need to click on yes to accept the security certificate for outlook 2007 - outlook 2013

the users do not want the little security box asking them to accept the certificate

how can i get around the problem?

Title: Re: Security Certificate for Mail
Post by: guest22 on October 28, 2015, 07:58:27 AM

Quote from: Bud on October 28, 2015, 06:11:56 AM

how can i get around the problem?

Meaning the question of outlook to accept the security certificate pops up every time the users start outlook?

Title: Re: Security Certificate for Mail
Post by: Stefano on October 28, 2015, 10:20:54 AM

I think this can help you:

http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx

Title: Re: Security Certificate for Mail
Post by: Knuddi on October 29, 2015, 05:18:09 PM

Well, the real solution is to buy a SSL certificate. RapidSSL costs only ~49$ / year and eliminates the problem nicely.

Title: Re: Security Certificate for Mail
Post by: Gary Douglas on October 29, 2015, 05:24:59 PM

Namecheap do Comodo Positive SSL certs for $9 /yr.

Title: Re: Security Certificate for Mail
Post by: DanB35 on October 29, 2015, 05:33:25 PM

...or startssl.com does them for free.  Or letsencrypt.com will also do them for free when they go live in a few weeks, and will also include multiple hostnames (www.yourdomain.tld, mail.yourdomain.tld, www.yourotherdomain.tld) in the certificate.

Title: Re: Security Certificate for Mail
Post by: Knuddi on November 01, 2015, 10:35:13 AM

Just tried out the StartSSL and even though their interface is a little old fashioned, then I now have a working certificate for my mail server. Now all family do not need to have to "accept certificate" when startig Outlook - Nice.

You can only have a single hostname for free and not wildcards, but for mail that is still perfect.

Title: Re: Security Certificate for Mail
Post by: georgios on November 30, 2015, 07:48:51 PM

Quote from: Stefano on October 28, 2015, 10:20:54 AM

I think this can help you:

http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx

This what I do for Outlook Clients, you have to import manually for each PC the default SSL of the SME Server with the MMC console.

For information, Thunderbid manages better the IMAPS connections, it keep all the emails in cache.

Title: Re: Security Certificate for Mail
Post by: janet on December 02, 2015, 02:32:45 PM

Knuddi & all

Quote

You can only have a single hostname for free and not wildcards, but for mail that is still perfect.

Well if you set the CommonName db setting so that your server common name is say
www.mydomain.com
Then purchase/obtain a certificate for www.mydomain.com
Then install the certificate onto your SME server for that domain

Then configure the mail clients to use server hostnames of www.mydomain.com for SMTP & IMAPS.
So you end up with a certificate domain name that is recognised by mail clients & recognosed by https access, so the one certificate covers all, less need for wildcards then, unless you want to use a whole lot of subdomains, but free or cheap certificates are not so appropriate in that circumstance anyway.

Refer Email FAQ & Email Howto etc or search the Forums on CommonName

Edit:
Here it is:
config setprop modSSL CommonName www.mydomain.com
expand-template /home/e-smith/ssl.key/key
expand-template /home/e-smith/ssl.crt/crt
signal-event post-upgrade
signal-event reboot