Re: [qmailtoaster] ssl certification query
Hello marrandy, I missed you on irc by a few minutes. Anyways here is the info for ssl: http://wiki.qmailtoaster.com/index.php/SSL_Related QmailToaster can only use one ssl cert. Apache can have one ssl cert per ip address. Thanks, Erik On 5/18/06, marrandy [EMAIL PROTECTED] wrote: Hello. I'm curious about the certificates for multiple sites on one server e.g. qmailtoaster. You have multiple domains in the .com, .net and .org, none of which are sub-domains. You access the accounts via encypted email and/or the squirrelmail https: web browser. How does all this work when you want to create, and have signed, a certificate where you can only put in a single domain ? - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] ssl certification query
On Thursday 18 May 2006 16:35, Erik Espinoza wrote: Hello marrandy, I missed you on irc by a few minutes. Anyways here is the info for ssl: http://wiki.qmailtoaster.com/index.php/SSL_Related QmailToaster can only use one ssl cert. Apache can have one ssl cert per ip address. Thanks, Erik Hi Erik. Yes, I found that in the archives and was on the registerfly web site and started thinking about the other domains I will be adding and how the cert will effect them. So there are Two issues ? qmail ssl - if cert is for domain1.org and I have people also logging in with domain1.com, they will see a pop-up/discrepancy e.g outlook security prompt until they accept it permanently. apache - 1 IP per domain/ssl cert, so only having one IP (name based) they will also see an alert unless they accept it as good in their browser certificate manager. I could improve that by getting more IP's and more certificates. Is that about right ? Regards...Martin So initially, I should think about my most important domain as I don't have multiple IP addresses yet - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] ssl certification query
qmail ssl - if cert is for domain1.org and I have people also logging in with domain1.com, they will see a pop-up/discrepancy e.g outlook security prompt until they accept it permanently. I got my cert with one name, secure.domain.com, and I have all my users point their clients to secure.domain.com for pop3-ssl/imap-ssl and outgoing smtp-ssl. No need to accept, since the RegisterFly certs are trusted by default in Outlook and Thunderbird (and just about any mail client). apache - 1 IP per domain/ssl cert, so only having one IP (name based) they will also see an alert unless they accept it as good in their browser certificate manager. I could improve that by getting more IP's and more certificates. Correct. So initially, I should think about my most important domain as I don't have multiple IP addresses yet Sounds good to me. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] ssl certification query
On Thursday 18 May 2006 16:53, Erik Espinoza wrote: I got my cert with one name, secure.domain.com, and I have all my users point their clients to secure.domain.com for pop3-ssl/imap-ssl and outgoing smtp-ssl. I've noted in some documents that you can do *.domain.com ie. http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html Is this correct info ? Regards...Martin - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] ssl certification query
On Thursday 18 May 2006 17:15, marrandy wrote: Replying to myself I've noted in some documents that you can do *.domain.com ie. http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html Is this correct info ? So could you use the same cert on two machines in that case, if you offloaded a subdomain e.g. mail.domain1.com to another machine with www.domain1.com on the first machine ? Sounds probable. Regards...Martin - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] ssl certification query
Yes, but buying a wildcard ssl cert is in the thousands of dollars mark. In addition, you still can't have more than one documentroot (or virtualhost) per ip address in apache. Nor can you have more than one cert for qmail. On 5/18/06, marrandy [EMAIL PROTECTED] wrote: On Thursday 18 May 2006 16:53, Erik Espinoza wrote: I got my cert with one name, secure.domain.com, and I have all my users point their clients to secure.domain.com for pop3-ssl/imap-ssl and outgoing smtp-ssl. I've noted in some documents that you can do *.domain.com ie. http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html Is this correct info ? Regards...Martin - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] ssl certification query
On Thursday 18 May 2006 17:22, Erik Espinoza wrote: Yes, but buying a wildcard ssl cert is in the thousands of dollars mark. In addition, you still can't have more than one documentroot (or virtualhost) per ip address in apache. Knew there had to be a catch. Ok - thanks Erik. Regards...Martin - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] ssl certification query
On Thursday 18 May 2006 16:53, Erik Espinoza wrote: I got my cert with one name, secure.domain.com, and I have all my users point their clients to secure.domain.com for pop3-ssl/imap-ssl and outgoing smtp-ssl. is that an alias as opposed to a FQDN ? ie. you computer FQDN could be april.domain.com but if you decided it was your mail server, you could also have aliases such as:- mail.domain.com or a.mx.domain.com So is the 'common name' an alias e.g. mail.domain.com or must it be the FQDN ie april.domain.com ??? Regards...Martin - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] ssl certification query
On Thursday 18 May 2006 17:52, Erik Espinoza wrote: I got my cert with one name, secure.domain.com, and I have all my users point their clients to secure.domain.com for pop3-ssl/imap-ssl and outgoing smtp-ssl. I just created an A record in DNS called secure.domain.com. I then got a cert that matched secure.domain.com. I told all my clients to use secure.domain.com. Ok - I understand. It's not necessarily the FQDN of the computer, but a valid DNS entry pointing to that computer. I queried registerfly.com about something else so I'll leave the cert stuff until tomorrow. Thanks for the info and chat Erik. -- Regards...Martin - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]