Re: [qmailtoaster] Re: Webmail SSL

[Maxwell Smart]

Add these two lines to the virtual server. SSLRequireSSL ErrorDocument 403 https://mail.servername.net There is a way to do a simple redirect, but I haven't played with it and can't seem to get it to work as desired.  I am told it has to do with timeout.  You set the META to timeout and redirect to the SSL site.  It can be seamless too.   I know the above works and I am sure there is not much to be gained using the latter configuration. On 05/28/2010 04:27 PM, Scott Hughes wrote: CJ / Eric, How does one set up a redirect so that people automatically go to the secure area? My SSL setup is working, but only if I go directly there (https://mail.SERVERNAME.net).  If I just do 'mail.SERVERNAME.net, it goes to the non-secure page. My setup is as follows: I have a symlink in my /var/www/html directory called 'webmail' (the symlink points to the Squirrelmail directory). In my http.conf file, in the document_root section, I have it setup to go to /var/www/html/webmail. I do this so that my users can type in mail.SERVERNAME.net and get to webmail. Is there a more proper way to do this and still give them the ease of access? Thanks, Scott On 5/28/10 10:49 AM, Maxwell Smart wrote: I have set up the Rewrite as suggested, but it does not redirect from http to https is only says forbidden. I can create a 403 redirect, but would rather set it up as a simple redirect. How is this done? While this will work for one domain or if the user knows that the master domain is the one he is receiving the certificate for. Has anyone set it up either using ssl or gnutls to have each virtual domain using it's on certificate? I use the QMT ISO as a webserver and would like to be able to offer certs for individual clients thus being able to correctly authenticate either their https://www.myserver.com or https://mail.myserver.com correctly. CJ On 05/27/2010 11:28 AM, Eric Shubert wrote: Scott Hughes wrote: Does anyone happen to know if there is a wiki entry for securing SquirrelMail using SSL? I'm looking but I'm not finding it. Thanks, Scott http://wiki.qmailtoaster.com/index.php/Certificate briefly mentions that you can use the cert for apache. That page could really use some rework. Note, the mod-ssl package must be installed for apache. Once you have a certificate installed for apache, the squirrelmail.conf file can be modified to look like this: <IfModule mod_alias.c> Alias /webmail /usr/share/squirrelmail </IfModule> RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R] <Directory /usr/share/squirrelmail> Options None Order allow,deny allow from all SSLRequireSSL </Directory> I see you've started a SM page on the wiki. Great. Thanks for your work on this. -- Cecil Yother, Jr. "cj" cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 http://yother.com --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com