what version of ZCS are you running? have you already attempted customization of Login.jsp?
the workaround is pretty simple:
1. Edit /opt/zimbra/tomcat/webapps/zimbra/public/Login.jsp and comment out this
statement so that http connections are *never redirected back* to http:
2. Set the mail mode to mixed to allow the initial http connections that will be redirected to https:Code:qs = emptyQs? "?initMode=" + currentProto: qs + "&initMode=" + currentProto;
edit: the "next major release" will be ZCS 5.0Code:zmtlsctl mixed tomcat restart
For my server this is how I do my redirect.
At http://webmail.mydomain.ca/ it loads a PHP page as follows:
I haven't had a single problem with it switching back to http.PHP Code:
header("Location: https://webmail.mydomain.ca/"); //Redirect to secure webmail
Edit: Oh the reason why I do this is because I already have a web server running on 80 (HTTP) and I have Zimbra Webmail running ONLY on 443 (HTTPS).
what i've done to get around this is run lighttpd on port 80, and have zimbra only setup for https. then when anyone connects to my separate lighttpd running on p80, the get a 320 that points them to https
good to know that the proper fix is on it's way though!
For those of you in sensitive environments, please be aware of http://bugzilla.zimbra.com/show_bug.cgi?id=14538
I'd originally sent that as a private support request, but it looks like they made it public. Until that issue is fully addressed, then you might want to force your users to type in or bookmark the https.
Re fizi's reply: You might need something that's able to redirect http://zimbra/some/specific/url to https://zimbra/some/specific/url, not just the top level redirect.
The reason for this is that Apple's iCal, and possibly other things, supports https but won't let you type in https URLs. So to subscribe to a public Zimbra calendar (without the iSync connector), you need to enter the URL as http:// or webcal://, accept the redirect, and internally use https.
Last edited by Rich Graves; 03-28-2007 at 11:21 AM. Reason: s/fiji/fizi
I am coming into this one a little late. I keep hearing this issue will be fixed in the next major release, which sounded like it would be 5.0?
I am running 7.0, shouldn't this be fixed by now? We are seeing this issue where our clients go to the FQDN, while the login page is https, once logged in it rolls back to http.
We are running zmtlsctl mixed.