Results 1 to 4 of 4

Thread: Virtual domains and SSL certificates

  1. #1
    Join Date
    Mar 2008
    Posts
    3
    Rep Power
    7

    Default Virtual domains and SSL certificates

    Maybe this is covered elsewhere but cannot find another reference.

    If you use mixed server, the user enters an http address, he is redirected to the same via https and then back to http to continue mail session. There is a problem the server is in fact a virtual server and the certificate´s common name does not match.

    What I want to accomplish is to avoid certificate common name mismatch by redirecting the user to a fixed https server name independently of his original domain name, i.e.:

    now

    http://mail.customer_a.com -> https://mail.customer_a.com (not good because the ssl certificate common name does not match and the user's browser will cry!) -> http://mail.customer_a.com

    proposed

    http://mail.customer_a.com -> https://secure.provider.com -> http://mail.customer_a.com

    It would be great if this could be done even without breaking the virtual server functionality, maybe by including a hidden field (or a cookie) in the secure auth form so he can redirected back to the his domain.

  2. #2
    Join Date
    Feb 2006
    Location
    Manchester, UK
    Posts
    88
    Rep Power
    9

    Default

    bump...

    I'd also like a sensible way to resolve this problem with certificate errors on virtual domains.

  3. #3
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    would a wildcard cert fix your problem?

    that is if you have a few hundred spare dollars to throw at this problem they're nice to have though.

    edit: doh i re-read your post and it seems like this wouldn't fix because you're going to completely separate domains sorry

  4. #4
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    9

    Default

    I know that in the past web servers such as Apache required a separate IP address for each virtual domain that had an SSL certificate. I'm not sure how the Jetty server works in ZCS. I have my hosted user logon to the primary domain and login with their full e-mail address. This way the certificate that they see and they site they are hitting match. I also have them set their pop3/smpt clients up to logon to the primary domain.

    For IE users I had to e-mail a copy of the CA certificate and had the install the certificate. Windows puts the CA cert into the root store and then the user gets no more certificate errors.

Similar Threads

  1. SSL certificate per virtual host?
    By Leesbian in forum Installation
    Replies: 4
    Last Post: 03-14-2008, 10:52 AM
  2. Multiple Domains w/ SSL
    By msf004 in forum Installation
    Replies: 2
    Last Post: 07-30-2007, 11:48 AM
  3. 3.2/Virtual Domains/SSL Certificates
    By gmsmith in forum Administrators
    Replies: 3
    Last Post: 07-03-2006, 09:24 AM
  4. SSL and multiple mail server aliases
    By altimage in forum Installation
    Replies: 3
    Last Post: 12-11-2005, 04:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •