Try again Sam.
I overcame the problem of the certificate by specifying https as the
protocol to attach to the server, this eliminated the "triple"
authentication that I was seeing (one to authorize the cert...), but I still
get an 'Invalid Username or Password' before I can log in.
I am going to try re-issuing the cert using a different domain, but in the
meantime, any other suggestions would be welcome. I think the Invalid
Username error is something different...
----- Original Message -----
From: "Sam Varshavchik" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 11, 2001 7:25 PM
Subject: Re: Double Authentication
Vaughn R. Baker writes:
> Hi,
>
> I have a sqwebmail implementation running on my server with SSL for login
> enabled, Apache set to UseCannonicalName no and the ServerName matching
the
> server using sqwebmail. Login is required two times before entry to the
> maildir is allowed. First login causes a prompt on the client about the
SSL
> site certificate (we generated our own) and then displays the Invalid
> Username or Password screen. The second login allows access to the
maildir.
> This happens regardless of whether the restrict access to only your IP
> address is checked. The first login is done using an https call to the
> server which I think defeats the purpose of only using SSL during login
> since all subsequent pages are displayed using https.
>
> Any suggestions that allow me to keep the SSL during login only and
correct
> the Invalid Username error?
Tell the client to accept the certificate permanently.
--
Sam
