SSL and webmail


quinting

SSL and webmail

Post by quinting » Fri Jul 20, 2007 9:09 am

I see lots of posts about automatically redirecting http to https, but I see nothing on getting SSL working in the first place.

I have looked at the manual, and I think I have things set up as they say in there.

On my server, https://domain.com works - I get the Apache test page. https://domain.com/webmail does not work: I get a 404 Not Found error, and my Apache logs say /var/www/html/webmail does not exist. I am trying to accomplish this on a single server.

Can someone point me in the right direction? The manual talks about installing a tomcat connector for apache - I think that it is there, as it came with Scalix....at least the config files that are discussed are in there....

Thanks for your help!

quinting

Post by quinting » Fri Jul 20, 2007 1:12 pm

Figured it out - here is what I did - figured out from other posts that weren't completely clear (I am a step-by-step kind of guy) :)

This is when using Apache and Scalix on the same BOX - these instructions are for FC5.

Posted here for others' convenience:

1.) Install mod_ssl for Apache
2.) Modify the following files:

/etc/opt/scalix-tomcat/connector/ajp/instance-XXX.conf
/etc/opt/scalix-tomcat/connector/jk/instance-XXX.conf

Put the following into both files (replacing ajp with jk where appropriate):
___________________________________

<VirtualHost *:443>
SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Include /etc/opt/scalix-tomcat/connector/ajp/app-XXX.*.conf

</VirtualHost>
___________________________________

'XXX' is your host name.

Now edit /etc/httpd/conf.d/ssl.conf, and find the entry that reads <VirtualHost _default_:443> - comment it and everything beneath it out.

Type at the command prompt:

service scalix-tomcat restart

Wait long enough so that you can hit webmail without SSL.

Restart Apache:

service httpd restart

Try accessing https://domain.com/webmail.

Ruthiness
Posts: 79
Joined: Tue Nov 13, 2007 8:11 pm

Post by Ruthiness » Wed Dec 19, 2007 3:18 am

Excellent step-by-step guide.

I now also have the rewrite from http to https working properly. It was a BEAR to accomplish, but I was able to do it from the contributed articles here, which made it MUCH easier.

There were some gotchas that involved moving the <VirtualHost *:443> from the ssl.conf to the connector conf files in ajp and jk that finally made things work.

The default when ssl is enabled is to have a default virtual host on Apache, and this prevents the ssl portion in the connectors from working in Scalix, so you have to comment out EVERYTHING in the Apache ssl.conf in the <VirtualHost *:443> section - all the way to the end - and then move the important bits (the key and security file, the encryption cipher, etc.) to the connector jk and ajp conf files.

Here is how my instance-mail.conf file looks in the connector/ajp directory:

(mail server name changed to protect the innocent)

<VirtualHost mail.somedomain.com:80>
Include /etc/opt/scalix-tomcat/connector/ajp/app-mail.*.conf
<LocationMatch "^/sac/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
<LocationMatch "^/webmail/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Include /etc/opt/scalix-tomcat/connector/ajp/app-mail*.conf
</VirtualHost>
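
Editor's added example, not code from either poster or from Scalix: a small audit of the SSLCipherSuite line used in both posts above. In OpenSSL cipher-string syntax a leading + only moves ciphers already in the list to the end, so +LOW:+SSLv2:+EXP removes nothing that ALL added. The list of weak classes, the treatment of ALL as the only broad selector, and the second (*:8443) vhost in the sample are assumptions made for the example.

```python
import re

# Weak cipher classes this example looks for (a deliberately short, assumed list).
WEAK = ("LOW", "EXP", "SSLv2", "RC4", "MD5")
ALIASES = {"EXPORT": "EXP"}  # OpenSSL accepts both spellings

def weak_classes(cipher_string):
    """Return the weak classes an OpenSSL cipher string leaves enabled.

    Heuristic: 'ALL' or a bare class name adds ciphers, '!' removes them
    permanently, '-' removes them until re-added, '+CLASS' only reorders.
    """
    enabled, killed = set(), set()
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token or token.startswith("@"):  # skip empties and @STRENGTH
            continue
        prefix = token[0] if token[0] in "!-+" else ""
        parts = [ALIASES.get(p, p) for p in token[len(prefix):].split("+")]
        if prefix in ("!", "-") and len(parts) == 1:
            enabled.discard(parts[0])
            if prefix == "!":
                killed.add(parts[0])
        elif prefix == "":
            added = WEAK if parts == ["ALL"] else [p for p in parts if p in WEAK]
            enabled.update(c for c in added if c not in killed)
    return [c for c in WEAK if c in enabled]

def audit(conf_text):
    """Map each <VirtualHost> address to the weak classes its SSLCipherSuite enables."""
    findings, vhost = {}, None
    for line in conf_text.splitlines():
        line = line.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        suite = re.match(r"SSLCipherSuite\s+(\S.*)", line, re.I)
        if opened:
            vhost = opened.group(1)
        elif line.lower().startswith("</virtualhost"):
            vhost = None
        elif vhost and suite:
            findings[vhost] = weak_classes(suite.group(1))
    return findings

# Constructed sample: the :443 block from this thread, then a stricter variant.
SAMPLE = """
<VirtualHost *:443>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
<VirtualHost *:8443>
SSLCipherSuite ALL:!ADH:!LOW:!EXP:!SSLv2:!RC4:!MD5
</VirtualHost>
"""
```

Calling audit(SAMPLE) reports all five weak classes for the *:443 block and none for the stricter one. The check is a heuristic over the string only; `openssl ciphers -v '<string>'` on the server shows what the installed OpenSSL actually expands it to.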

