Scalix Forums


http://www.scalix.com/forums/

Change the webmail certificate?

http://www.scalix.com/forums/viewtopic.php?f=4&t=13502

Page 1 of 1

Change the webmail certificate?

Posted: Wed Jun 24, 2009 7:49 am
by markrich
How can I change the default webmail certificate for a self signed one with a more appropriate name?

The default says it was generated by 'someorganization' instead of the name of the server itself. I would like mine to read the same name as the DNS address we have given webmail, webmail.mirifice.com.

Any help appreciated.

Marky

Re: Change the webmail certificate?

Posted: Wed Jun 24, 2009 8:19 am
by Valerion
You will need to have it signed by a Certificate Authority. You give them a Certificate Signing Request and they sign it and send you the certificate file. Or if you don't want a trusted certificate, then you can generate and sign it yourself, of course, using the same instructions to get a CSR.

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR645

Re: Change the webmail certificate?

Posted: Wed Jun 24, 2009 9:37 am
by markrich
I can generate the certificate on the Scalix machine, as I did for IMAP and SMTP access.
But I don't know which file to edit to tell webmail which certificate it should be using.

I cannot see this in the FAQ's so perhaps I am looking in the wrong place?

I suspect this is the same cert that handles iCAL and Admin Console. I need to change this from the default to a self signed one with the correct server alias, mail.mirifice.com.

Re: Change the webmail certificate?

Posted: Mon Jun 29, 2009 7:05 am
by anybody
I've been searching for the correct file to change the certificates too this weekend, initially i suspected /etc/httpd/conf.d/ssl.conf is the relevant one (thats the path on CentOS 5, other Distros may differ), where the certificates are included. However changing them there had no effect whatsoever on webmail/SAC, which left me a little wondering.

Finally I found that I had to change this in the two files matched by:
/etc/opt/scalix-tomcat/connector/*/instance*conf

And now it's working fine. I've got a PositiveSSL Certificate from PSW Group / Comodo (https://www.psw.net/) for only 13€/Year and things seem to be working perfectly fine now with:

Code: Select all

SSLCertificateFile /etc/pki/tls/certs/scalix.thecompany.de.crt
SSLCertificateKeyFile /etc/pki/tls/private/scalix.thecompany.de.key
SSLCertificateChainFile /etc/pki/tls/certs/PositiveSSL.ca-bundle.crt


in those two files. I've also copied the contents of those files (CRT+KEY+CABUNDLE) into a single PEM file (stunnel.pem) and stunnel seems to be very happy with this too :)

Re: Change the webmail certificate?

Posted: Wed Jul 28, 2010 10:27 pm
by jminer
Thank you for posting this. I also had changed the ssl conf and the httpd conf but it didn't change anything on my site until I changed the instance-scalix.conf So happy to get rid of the annoying security alerts!
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/