CJ, I'm not sure how you're defining the difference between a TLD and a sub-domain(?).
As I understand it, a top-level domain (TLD) would be com, org, us, de, etc., so my domain 'whitehorsetc.com' would be a 1st level sub-domain of the 'com' domain and 'www.whitehorsetc.com' would be a second level sub-domain of the 'com' domain. All my 1st level sub-domains (I have 5) are members of the 'com' domain and are redirected to the 2nd level domain of 'www.anydomain.com', and if the '/webmail' or '/webmail/' path is part of the path typed into the address bar of the browser, apache redirects to https (secure web). Initially I was unable to discover a process by which I could use certificates for each of my 1st level sub-domains, so up until now my clients were simply adding an exception when going into webmail for a particular sub-domain.

Eric B.

-----Original Message-----
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 4:43 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL

@Eric Broch
So are all of your current secure sites subdomains? ie https://www.example.com/example or TLD https://www.example.com? If they are all TLD's how are you traversing the fact that the certificates aren't specific to those domains?

@ Eric Shubes
We're going to get this figured out!

On 06/04/2010 08:38 AM, Eric Broch wrote:
> CJ,
>
> I don't use multiple certificates, but I did, in times past, try to find a
> way to implement it and was glad to see the tutorial posted here for it.
>
> Eric
>
> -----Original Message-----
> From: Maxwell Smart [mailto:c...@yother.com]
> Sent: Friday, June 04, 2010 9:12 AM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: RE: [qmailtoaster] Re: Webmail SSL
>
> Eric,
>
> Sounds like the exact same configuration as mine.
>
> SNI is Server Name Includes and it allows multiple secure connections
> with a single IP. I am having trouble getting mine to work.
>
> Do you use multiple certificates? One for each top level domain?
>
> CJ
>
> Quoting Eric Broch <ebr...@whitehorsetc.com>:
>
>> CJ,
>>
>> Virtual hosts (yes, 5 domains on 1 server),
>> SNI (I don't think so, I'm not really sure what it is???),
>> openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
>> gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).
>>
>> Eric
>>
>> -----Original Message-----
>> From: Maxwell Smart [mailto:c...@yother.com]
>> Sent: Thursday, June 03, 2010 10:10 PM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: RE: [qmailtoaster] Re: Webmail SSL's
>>
>> Eric,
>>
>> Virtual Hosts? Are you using SNI? GnuTLS or SSL? What version OpenSSL?
>>
>> Sorry for so many questions, but a few of us on this list are trying
>> to sort this.
>>
>> CJ
>>
>> Quoting Eric Broch <ebr...@whitehorsetc.com>:
>>
>>> CJ,
>>>
>>> I secure three sites (domains) on the same server. None of my other
>>> clients use webmail
>>>
>>> Eric B.
>>>
>>> -----Original Message-----
>>> From: Maxwell Smart [mailto:c...@yother.com]
>>> Sent: Thursday, June 03, 2010 6:05 PM
>>> To: qmailtoaster-list@qmailtoaster.com
>>> Subject: Re: [qmailtoaster] Re: Webmail SSL
>>>
>>> Eric,
>>>
>>> Have you been successful in securing more than one site?
>>>
>>> CJ
>>>
>>> Quoting Eric Broch <ebr...@whitehorsetc.com>:
>>>
>>>> Maxwell Smart wrote:
>>>>
>>>>> I realize that it's a bit of a hack and I don't like it, but I
>>>>> cannot get it to work correctly otherwise. I just tried your
>>>>> config and it didn't work either.
>>>>>
>>>>> You are using the webmail suffix where I am not. I am trying to
>>>>> get mail.myserver.com to work using SNI. I should be able to have
>>>>> multiple virtual servers using https and I cannot get it to work.
>>>>> I think part of the problem is openssl 0.9.8e SNI requires f and
>>>>> newer. I upgraded on my test server, but I'm still having problems
>>>>> getting it to work correctly.
>>>>>
>>>>> I'll figure it out, it's just frustrating when you read the
>>>>> documentation and it doesn't quite work that way. Then where do
>>>>> you start to troubleshoot.
>>>>>
>>>>> Quoting Eric Shubert <e...@shubes.net>:
>>>>>
>>>>>> I'm not saying that ErrorDocument won't work, just that it's a bit
>>>>>> of a hack.
>>>>>>
>>>>>> The conventional way (and 'better' for a number of reasons) is to
>>>>>> use the RewriteEngine. I seem to recall that there's a way to turn
>>>>>> on logging for the rewrite engine if you're having a problem with
>>>>>> it.
>>>>>>
>>>>>> Here's the RewriteRule I'm presently using:
>>>>>> RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]
>>>>>>
>>>>>> Upon closer examination, I see that
>>>>>> RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
>>>>>> appears to be missing a period after webmail. I believe that it should be:
>>>>>> RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
>>>>>> Subtle, but big difference. I believe this would work, the same as
>>>>>> the one I'm using above.
>>>>>> --
>>>>>> -Eric 'shubes'
>>>>>>
>>>>>> Maxwell Smart wrote:
>>>>>>
>>>>>>> That's exactly where I am having problems and that's the only way
>>>>>>> I can get it to work. If I have the welcome.conf enabled it goes
>>>>>>> to the apache welcome page instead of redirecting and the log
>>>>>>> file says failed, reason: SSL connection required. If I disable
>>>>>>> the welcome.conf and include the Error 403 line it works. I was
>>>>>>> just testing it with the variable when I received this e-mail.
>>>>>>>
>>>>>>> Quoting Eric Shubert <e...@shubes.net>:
>>>>>>>
>>>>>>>> Maxwell Smart wrote:
>>>>>>>>
>>>>>>>>> It appears as though you have a default configuration. Replace
>>>>>>>>> this in your squirrelmail.conf file.
>>>>>>>>>
>>>>>>>>> <Directory /usr/share/squirrelmail>
>>>>>>>>>     Options None
>>>>>>>>>     Order allow,deny
>>>>>>>>>     allow from all
>>>>>>>>> </Directory>
>>>>>>>>>
>>>>>>>>> with this
>>>>>>>>>
>>>>>>>>> <Directory "/usr/share/squirrelmail">
>>>>>>>>>     RewriteEngine on
>>>>>>>>>     RewriteCond %{SERVER_PORT} !^443$
>>>>>>>>>     RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
>>>>>>>>>     allow from all
>>>>>>>>>     Options
>>>>>>>>>     SSLRequireSSL
>>>>>>>>>     ErrorDocument 403 "https://your.server.com/webmail/"
>>>>>>>>> </Directory>
>>>>>>>>>
>>>>>>>>> You will need to change the your.server.com to your server name.
>>>>>>>>>
>>>>>>>>> CJ
>>>>>>>>>
>>>>>>>> You shouldn't need the ErrorDocument line.
>>>>>>>>
>>>>>>>> In addition, if you were to use that hack, it'd be better to use
>>>>>>>> the %{SERVER_NAME} variable instead of hard coding your domain
>>>>>>>> name.
>>>>>>>>
>>>>>>>> --
>>>>>>>> -Eric 'shubes'
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------------------
>>>>>>>> Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
>>>>>>>> Vickers Consulting Group offers Qmailtoaster support and installations.
>>>>>>>> If you need professional help with your setup, contact them today!
>>>>>>>> ---------------------------------------------------------------------------------
>>>>>>>> Please visit qmailtoaster.com for the latest news, updates, and packages.
>>>>>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>>>>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>>>>>
>>>>>>> Cecil Yother, Jr. "cj"
>>>>>>> cj's
>>>>>>> 2318 Clement Ave
>>>>>>> Alameda, CA 94501
>>>>>>>
>>>>>>> tel 510.865.2787
>>>>>>> http://yother.com
>>>>>>>
>>>>>>> ----------------------------------------------------------------
>>>>>>> This message was sent using IMP, the Internet Messaging Program.
>>>> I don't use the redirect in the squirrelmail config file but in the
>>>> apache config file using virtual hosting. You might give this a try
>>>>
>>>> <VirtualHost *:80>
>>>>     ServerName www.whitehorsetc.com
>>>>     ServerAlias whitehorsetc.com
>>>>     ServerAdmin postmas...@whitehorsetc.com
>>>>     DocumentRoot /var/www/html
>>>>     #
>>>>     RewriteEngine On
>>>>     #
>>>>     RewriteLog "/var/log/httpd/whitehorsetc.com-rewrite_log"
>>>>     RewriteLogLevel 9
>>>>     #
>>>>     RewriteCond %{REQUEST_URI} =/webmail/ [OR]
>>>>     RewriteCond %{REQUEST_URI} =/webmail [OR]
>>>>     RewriteCond %{REQUEST_URI} =/webmail/src/right_main.php
>>>>     RewriteRule ^(.*)$ https://www.whitehorsetc.com$1 [R=301,L]
>>>>     #
>>>>     RewriteCond %{HTTP_HOST} !^www\.whitehorsetc\.com [NC]
>>>>     RewriteRule ^(.*)$ http://www.whitehorsetc.com$1 [R=301,L]
>>>>     #
>>>>     ErrorLog logs/whitehorsetc.com-error_log
>>>>     CustomLog logs/whitehorsetc.com-access_log common
>>>> </VirtualHost>
>>>>
>>>> Eric
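The difference between the rewrite patterns quoted in this thread, worked through as an added example (not code from any list member): the script applies each quoted pattern to constructed request paths and lists the webmail paths it would leave on plain HTTP. It assumes the rules are evaluated in server or VirtualHost context, where the pattern sees the full URL-path, and that Python's `re` behaves like Apache's PCRE for these simple patterns; the rule labels and sample paths are made up for illustration.

```python
import re

# Rules quoted in the thread; the dictionary keys are labels invented here.
# "regex" models a RewriteRule pattern, "exact" models the [OR]-joined
# RewriteCond %{REQUEST_URI} =string tests from the VirtualHost example.
RULES = {
    "webmail_star": ("regex", r"^(.*/webmail*)$"),
    "webmail_dot_star": ("regex", r"^(.*/webmail.*)$"),
    "rooted_dot_star": ("regex", r"^/(webmail.*)$"),
    "exact_conds": ("exact", ("/webmail/", "/webmail",
                              "/webmail/src/right_main.php")),
}

# Constructed request paths for a plain-HTTP (port 80) request.
SAMPLE_PATHS = [
    "/webmail",
    "/webmail/",
    "/webmail/src/login.php",
    "/webmail/src/right_main.php",
    "/webmaillll",
    "/index.html",
]


def redirects(rule, path):
    """True if the named rule would answer `path` with a redirect to https."""
    kind, value = RULES[rule]
    if kind == "regex":
        return re.search(value, path) is not None
    return path in value  # '=' in RewriteCond is a plain string comparison


def is_webmail(path):
    """Paths that belong to the webmail application and must not stay on HTTP."""
    return path == "/webmail" or path.startswith("/webmail/")


def left_on_http(rule, paths=SAMPLE_PATHS):
    """Webmail paths the rule does not redirect."""
    return [p for p in paths if is_webmail(p) and not redirects(rule, p)]


def over_matched(rule, paths=SAMPLE_PATHS):
    """Non-webmail paths the rule redirects anyway."""
    return [p for p in paths if not is_webmail(p) and redirects(rule, p)]


if __name__ == "__main__":
    for name in RULES:
        print(f"{name:17} left on HTTP: {left_on_http(name)}"
              f"  over-matched: {over_matched(name)}")
```

In `webmail*` the `*` applies only to the final `l`, so the anchored pattern stops matching as soon as anything other than more `l` characters follows `/webmail`.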