Scott, This is all still new to me, but you may have wanted to set it up as SERVERNAME.net Maybe someone else with more experience can chime in.
CJ On 06/04/2010 01:58 PM, Scott Hughes wrote: > Quick question about certificates. I set up my certificate (via > GoDaddy) with my correct hostname (mail.SERVERNAME.net). Now I notice > if I go to: www.SERVERNAME.net via https, I get a certificate > warning. Any way around this or did I mess up with I signed up for > the certificate? > > Thanks, > Scott > > > On 6/4/10 10:38 AM, Eric Broch wrote: >> CJ, >> >> I don't use multiple certificates, but I did, in times past, try to find a >> way to implement it and was glad to see the tutorial posted here for it. >> >> Eric >> >> -----Original Message----- >> From: Maxwell Smart [mailto:c...@yother.com] >> Sent: Friday, June 04, 2010 9:12 AM >> To: qmailtoaster-list@qmailtoaster.com >> Subject: RE: [qmailtoaster] Re: Webmail SSL >> >> Eric, >> >> Sounds like the exact same configuration as mine. >> >> SNI is Server Name Includes and it allows multiple secure connections >> with a single IP. I am having trouble getting mine to work. >> >> Do you use multiple certificates? One for each top level domain? >> >> CJ >> >> Quoting Eric Broch <ebr...@whitehorsetc.com>: >> >> >>> CJ, >>> >>> Virtual hosts (yes, 5 domains on 1 server), >>> SNI (I don't think so, I'm not really sure what it is???), >>> openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64), >>> gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64). >>> >>> Eric >>> >>> -----Original Message----- >>> From: Maxwell Smart [mailto:c...@yother.com] >>> Sent: Thursday, June 03, 2010 10:10 PM >>> To: qmailtoaster-list@qmailtoaster.com >>> Subject: RE: [qmailtoaster] Re: Webmail SSL's >>> >>> Eric, >>> >>> Virtual Hosts? Are you using SNI? GnuTLS or SSL? What version OpenSSL? >>> >>> Sorry for so many questions, but a few of us on this list are trying >>> to sort this. >>> >>> CJ >>> >>> Quoting Eric Broch <ebr...@whitehorsetc.com>: >>> >>> >>>> CJ, >>>> >>>> I secure three sites (domains) on the same server. None of my other >>>> >>> clients >>> >>>> use webmail >>>> >>>> Eric B. >>>> >>>> -----Original Message----- >>>> From: Maxwell Smart [mailto:c...@yother.com] >>>> Sent: Thursday, June 03, 2010 6:05 PM >>>> To: qmailtoaster-list@qmailtoaster.com >>>> Subject: Re: [qmailtoaster] Re: Webmail SSL >>>> >>>> Eric, >>>> >>>> Have you been successful in securing more than one site? >>>> >>>> CJ >>>> >>>> Quoting Eric Broch <ebr...@whitehorsetc.com>: >>>> >>>> >>>>> Maxwell Smart wrote: >>>>> >>>>>> I realize that it's a bit of a hack and I don't like it, but I >>>>>> cannot get it to work correctly otherwise. I just tried your >>>>>> config and it didn't work either. >>>>>> >>>>>> You are using the webmail suffix where I am not. I am trying to >>>>>> get mail.myserver.com to work using SNI. I should be able to have >>>>>> multiple virtual servers using https and I cannot get it to work. >>>>>> I think part of the problem is openssl 0.9.8e SNI requires f and >>>>>> newer. I upgraded on my test server, but I'm still having problems >>>>>> getting it to work correctly. >>>>>> >>>>>> I'll figure it out, it's just frustrating when you read the >>>>>> documentation and it doesn't quite work that way. Then where do >>>>>> you start to troubleshoot. >>>>>> >>>>>> Quoting Eric Shubert <e...@shubes.net>: >>>>>> >>>>>> >>>>>>> I'm not saying that ErrorDocument won't work, just that it's a bit >>>>>>> of a hack. >>>>>>> >>>>>>> The conventional way (and 'better' for a number of reasons) is to >>>>>>> use the RewriteEngine. I seem to recall that there's a way to turn >>>>>>> on logging for the rewrite engine if you're having a problem with >>>>>>> it. >>>>>>> >>>>>>> Here's the RewriteRule I'm presently using: >>>>>>> RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L] >>>>>>> >>>>>>> Upon closer examination, I see that >>>>>>> RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R] >>>>>>> appears to be missing a period after webmail. I believe that it should >>>>>>> >>>> be: >>>> >>>>>>> RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R] >>>>>>> Subtle, but big difference. I believe this would work, the same as >>>>>>> the one I'm using above. >>>>>>> -- >>>>>>> -Eric 'shubes' >>>>>>> >>>>>>> Maxwell Smart wrote: >>>>>>> >>>>>>>> That's exactly where I am having problems and that's the only way >>>>>>>> I can get it to work. If I have the welcome.conf enabled it goes >>>>>>>> to the apache welcome page instead of redirecting and the log >>>>>>>> file says failed, reason: SSL connection required. If I disable >>>>>>>> the welcome.conf and include the Error 403 line it works. I was >>>>>>>> just testing it with the variable when I received this e >>>>>>>> mail.Quoting Eric Shubert <e...@shubes.net>: >>>>>>>> >>>>>>>> >>>>>>>>> Maxwell Smart wrote: >>>>>>>>> >>>>>>>>>> It appears as though you have a default configuration. Replace >>>>>>>>>> this in your squirrelmail.conf file. >>>>>>>>>> >>>>>>>>>> <Directory /usr/share/squirrelmail> >>>>>>>>>> Options None >>>>>>>>>> Order allow,deny >>>>>>>>>> allow from all >>>>>>>>>> </Directory> >>>>>>>>>> >>>>>>>>>> with this >>>>>>>>>> >>>>>>>>>> <Directory "/usr/share/squirrelmail"> >>>>>>>>>> RewriteEngine on >>>>>>>>>> RewriteCond %{SERVER_PORT} !^443$ >>>>>>>>>> RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R] >>>>>>>>>> allow from all >>>>>>>>>> Options >>>>>>>>>> SSLRequireSSL >>>>>>>>>> ErrorDocument 403 "https://your.server.com/webmail/" >>>>>>>>>> </Directory> >>>>>>>>>> >>>>>>>>>> You will need to change the your.server.com to your server name. >>>>>>>>>> >>>>>>>>>> CJ >>>>>>>>>> >>>>>>>>>> >>>>>>>>> You shouldn't need the ErrorDocument line. >>>>>>>>> >>>>>>>>> In addision, if you were to use that hack, it'd be better to use >>>>>>>>> the %{SERVER_NAME} variable instead of hard coding your domain >>>>>>>>> name. >>>>>>>>> >>>>>>>>> -- >>>>>>>>> -Eric 'shubes' >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- Qmailtoaster is sponsored by Vickers Consulting Group >>>> >>>>>>>>> (www.vickersconsulting.com) >>>>>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>>>>> >>>> installations. >>>> >>>>>>>>> If you need professional help with your setup, contact them >>>>>>>>> >> today! >> >>>>>>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- Please visit qmailtoaster.com for the latest news, updates, and >>>> >>>>>>>>> packages. >>>>>>>>> To unsubscribe, e-mail: >>>>>>>>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>>>>>> For additional commands, e-mail: >>>>>>>>> qmailtoaster-list-h...@qmailtoaster.com >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> Cecil Yother, Jr. "cj" >>>>>>>> cj's >>>>>>>> 2318 Clement Ave >>>>>>>> Alameda, CA 94501 >>>>>>>> >>>>>>>> tel 510.865.2787 >>>>>>>> http://yother.com >>>>>>>> >>>>>>>> ---------------------------------------------------------------- >>>>>>>> This message was sent using IMP, the Internet Messaging Program. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- Qmailtoaster is sponsored by Vickers Consulting Group >>>> >>>>>>>> (www.vickersconsulting.com) >>>>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>>>> >>>> installations. >>>> >>>>>>>> If you need professional help with your setup, contact them today! >>>>>>>> >>>>>>> >>>>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- Qmailtoaster is sponsored by Vickers Consulting Group >>>> >>>>>>> (www.vickersconsulting.com) >>>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>>> >>>> installations. >>>> >>>>>>> If you need professional help with your setup, contact them today! >>>>>>> >>>>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- Please visit qmailtoaster.com for the latest news, updates, and >>>> >>>>>>> packages. >>>>>>> To unsubscribe, e-mail: >>>>>>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>>>> For additional commands, e-mail: >>>>>>> >>>> qmailtoaster-list-h...@qmailtoaster.com >>>> >>>>>>> >>>>>>> >>>>>> >>>>>> Cecil Yother, Jr. "cj" >>>>>> cj's >>>>>> 2318 Clement Ave >>>>>> Alameda, CA 94501 >>>>>> >>>>>> tel 510.865.2787 >>>>>> http://yother.com >>>>>> >>>>>> ---------------------------------------------------------------- >>>>>> This message was sent using IMP, the Internet Messaging Program. >>>>>> >>>>>> >>>>>> >>>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- Qmailtoaster is sponsored by Vickers Consulting Group >>>> >>>>>> (www.vickersconsulting.com) >>>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>>> >>> installations. >>> >>>>>> If you need professional help with your setup, contact them today! >>>>>> >>>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- Please visit qmailtoaster.com for the latest news, updates, and >>>> >>>>>> packages. >>>>>> To unsubscribe, e-mail: >>>>>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>>> For additional commands, e-mail: >>>>>> >>>> qmailtoaster-list-h...@qmailtoaster.com >>>> >>>>>> >>>>> I don't use the redirect in the squirrelmail config file but in the >>>>> apache config file using virtual hosting. You might give this a try >>>>> >>>>> <VirtualHost *:80> >>>>> ServerName www.whitehorsetc.com >>>>> ServerAlias whitehorsetc.com >>>>> ServerAdmin postmas...@whitehorsetc.com >>>>> DocumentRoot /var/www/html >>>>> # >>>>> RewriteEngine On >>>>> # >>>>> RewriteLog "/var/log/httpd/whitehorsetc.com-rewrite_log" >>>>> RewriteLogLevel 9 >>>>> # >>>>> RewriteCond %{REQUEST_URI} =/webmail/ [OR] >>>>> RewriteCond %{REQUEST_URI} =/webmail [OR] >>>>> RewriteCond %{REQUEST_URI} =/webmail/src/right_main.php >>>>> RewriteRule ^(.*)$ https://www.whitehorsetc.com$1 [R=301,L] >>>>> # >>>>> RewriteCond %{HTTP_HOST} !^www\.whitehorsetc\.com [NC] >>>>> RewriteRule ^(.*)$ http://www.whitehorsetc.com$1 [R=301,L] >>>>> # >>>>> ErrorLog logs/whitehorsetc.com-error_log >>>>> CustomLog logs/whitehorsetc.com-access_log common >>>>> </VirtualHost> >>>>> >>>>> Eric >>>>> >>>>> >>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- >>>> >>>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>>> (www.vickersconsulting.com) >>>>> Vickers Consulting Group offers Qmailtoaster support and >>>>> >>> installations. >>> >>>>> If you need professional help with your setup, contact them today! >>>>> >>>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- >>>> >>>>> Please visit qmailtoaster.com for the latest news, updates, and >>>>> >>>> packages. >>>> >>>>> To unsubscribe, e-mail: >>>>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>> For additional commands, e-mail: >>>>> >>>> qmailtoaster-list-h...@qmailtoaster.com >>>> >>>>> >>>>> >>>> >>>> Cecil Yother, Jr. "cj" >>>> cj's >>>> 2318 Clement Ave >>>> Alameda, CA 94501 >>>> >>>> tel 510.865.2787 >>>> http://yother.com >>>> >>>> ---------------------------------------------------------------- >>>> This message was sent using IMP, the Internet Messaging Program. >>>> >>>> >>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- >>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>> (www.vickersconsulting.com) >>>> Vickers Consulting Group offers Qmailtoaster support and >>>> >>> installations. >>> >>>> If you need professional help with your setup, contact them today! >>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>>> ----- >>>> Please visit qmailtoaster.com for the latest news, updates, and >>>> packages. >>>> >>>> To unsubscribe, e-mail: >>>> >>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>> >>>> For additional commands, e-mail: >>>> qmailtoaster-list-h...@qmailtoaster.com >>>> >>>> >>>> >>>> >>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>> ----- >>> >>>> Qmailtoaster is sponsored by Vickers Consulting Group >>>> (www.vickersconsulting.com) >>>> Vickers Consulting Group offers Qmailtoaster support and >>>> >>> installations. >>> >>>> If you need professional help with your setup, contact them today! >>>> >>>> >>> >> ---------------------------------------------------------------------------- >> >>> ----- >>> >>>> Please visit qmailtoaster.com for the latest news, updates, and >>>> packages. >>>> >>>> To unsubscribe, e-mail: >>>> >>> qmailtoaster-list-unsubscr...@qmailtoaster.com >>> >>>> For additional commands, e-mail: >>>> >>> qmailtoaster-list-h...@qmailtoaster.com >>> >>>> >>>> >>> >>> Cecil Yother, Jr. "cj" >>> cj's >>> 2318 Clement Ave >>> Alameda, CA 94501 >>> >>> tel 510.865.2787 >>> http://yother.com >>> >>> ---------------------------------------------------------------- >>> This message was sent using IMP, the Internet Messaging Program. >>> >>> >>> >>> >> ---------------------------------------------------------------------------- >> >>> ----- >>> Qmailtoaster is sponsored by Vickers Consulting Group >>> (www.vickersconsulting.com) >>> Vickers Consulting Group offers Qmailtoaster support and >>> >> installations. >> >>> If you need professional help with your setup, contact them today! >>> >>> >> ---------------------------------------------------------------------------- >> >>> ----- >>> Please visit qmailtoaster.com for the latest news, updates, and >>> packages. >>> >>> To unsubscribe, e-mail: >>> >> qmailtoaster-list-unsubscr...@qmailtoaster.com >> >>> For additional commands, e-mail: >>> qmailtoaster-list-h...@qmailtoaster.com >>> >>> >>> >>> >>> >>> >> ---------------------------------------------------------------------------- >> ----- >> >>> Qmailtoaster is sponsored by Vickers Consulting Group >>> (www.vickersconsulting.com) >>> Vickers Consulting Group offers Qmailtoaster support and >>> >> installations. >> >>> If you need professional help with your setup, contact them today! >>> >>> >> ---------------------------------------------------------------------------- >> ----- >> >>> Please visit qmailtoaster.com for the latest news, updates, and >>> packages. >>> >>> To unsubscribe, e-mail: >>> >> qmailtoaster-list-unsubscr...@qmailtoaster.com >> >>> For additional commands, e-mail: >>> >> qmailtoaster-list-h...@qmailtoaster.com >> >>> >>> >> >> Cecil Yother, Jr. "cj" >> cj's >> 2318 Clement Ave >> Alameda, CA 94501 >> >> tel 510.865.2787 >> http://yother.com >> >> ---------------------------------------------------------------- >> This message was sent using IMP, the Internet Messaging Program. >> >> >> ---------------------------------------------------------------------------- >> ----- >> Qmailtoaster is sponsored by Vickers Consulting Group >> (www.vickersconsulting.com) >> Vickers Consulting Group offers Qmailtoaster support and installations. >> If you need professional help with your setup, contact them today! >> ---------------------------------------------------------------------------- >> ----- >> Please visit qmailtoaster.com for the latest news, updates, and >> packages. >> >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: >> qmailtoaster-list-h...@qmailtoaster.com >> >> >> >> >> --------------------------------------------------------------------------------- >> Qmailtoaster is sponsored by Vickers Consulting Group >> (www.vickersconsulting.com) >> Vickers Consulting Group offers Qmailtoaster support and installations. >> If you need professional help with your setup, contact them today! >> --------------------------------------------------------------------------------- >> Please visit qmailtoaster.com for the latest news, updates, and >> packages. >> >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> >> >> -- Cecil Yother, Jr. "cj" cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 | fax 510.864.7300 http://yother.com