How can I change the default webmail certificate for a self signed one with a more appropriate name?
The default says it was generated by 'someorganization' instead of the name of the server itself. I would like mine to read the same name as the DNS address we have given webmail, webmail.mirifice.com.
Any help appreciated.
Marky
Change the webmail certificate?
Moderators: ScalixSupport, admin
-
markrich
- Posts: 105
- Joined: Wed May 13, 2009 10:54 am
- Location: Bath
- Contact:
-
Valerion
- Scalix Star
- Posts: 2730
- Joined: Thu Feb 26, 2004 7:40 am
- Location: Johannesburg, South Africa
- Contact:
Re: Change the webmail certificate?
You will need to have it signed by a Certificate Authority. You give them a Certificate Signing Request and they sign it and send you the certificate file. Or if you don't want a trusted certificate, then you can generate and sign it yourself, of course, using the same instructions to get a CSR.
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR645
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR645
-
markrich
- Posts: 105
- Joined: Wed May 13, 2009 10:54 am
- Location: Bath
- Contact:
Re: Change the webmail certificate?
I can generate the certificate on the Scalix machine, as I did for IMAP and SMTP access.
But I don't know which file to edit to tell webmail which certificate it should be using.
I cannot see this in the FAQ's so perhaps I am looking in the wrong place?
I suspect this is the same cert that handles iCAL and Admin Console. I need to change this from the default to a self signed one with the correct server alias, mail.mirifice.com.
But I don't know which file to edit to tell webmail which certificate it should be using.
I cannot see this in the FAQ's so perhaps I am looking in the wrong place?
I suspect this is the same cert that handles iCAL and Admin Console. I need to change this from the default to a self signed one with the correct server alias, mail.mirifice.com.
-
anybody
- Posts: 52
- Joined: Thu Apr 09, 2009 7:28 am
- Location: Munich, Germany
- Contact:
Re: Change the webmail certificate?
I've been searching for the correct file to change the certificates too this weekend, initially i suspected /etc/httpd/conf.d/ssl.conf is the relevant one (thats the path on CentOS 5, other Distros may differ), where the certificates are included. However changing them there had no effect whatsoever on webmail/SAC, which left me a little wondering.
Finally I found that I had to change this in the two files matched by:
/etc/opt/scalix-tomcat/connector/*/instance*conf
And now it's working fine. I've got a PositiveSSL Certificate from PSW Group / Comodo (https://www.psw.net/) for only 13€/Year and things seem to be working perfectly fine now with:
in those two files. I've also copied the contents of those files (CRT+KEY+CABUNDLE) into a single PEM file (stunnel.pem) and stunnel seems to be very happy with this too
Finally I found that I had to change this in the two files matched by:
/etc/opt/scalix-tomcat/connector/*/instance*conf
And now it's working fine. I've got a PositiveSSL Certificate from PSW Group / Comodo (https://www.psw.net/) for only 13€/Year and things seem to be working perfectly fine now with:
Code: Select all
SSLCertificateFile /etc/pki/tls/certs/scalix.thecompany.de.crt
SSLCertificateKeyFile /etc/pki/tls/private/scalix.thecompany.de.key
SSLCertificateChainFile /etc/pki/tls/certs/PositiveSSL.ca-bundle.crt
in those two files. I've also copied the contents of those files (CRT+KEY+CABUNDLE) into a single PEM file (stunnel.pem) and stunnel seems to be very happy with this too
-
jminer
Re: Change the webmail certificate?
Thank you for posting this. I also had changed the ssl conf and the httpd conf but it didn't change anything on my site until I changed the instance-scalix.conf So happy to get rid of the annoying security alerts!
Who is online
Users browsing this forum: No registered users and 7 guests