Softaculous

Topic : Problem SSL Email


Page 1 of 212>>>All

Posted By: Guest on July 29, 2014, 3:48 pm
Hi,
i have installed a SSL certificate,
i see there are correctly created certificate for dovecot but is not in use.. if i go on dovecot/conf.d/10-ssl.conf the key and the .pem file is the default not the installed SSL

This should change when a SSL is installed and should come back to the original if certificate is unistalled from webuzo.

Posted By: valley on July 30, 2014, 5:15 am | Post: 1
Yes, you can certainly edit the configurations to suit your requirements.

-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter


Posted By: Guest on July 30, 2014, 8:06 am | Post: 2
Quote From : valley July 30, 2014, 5:15 am
Yes, you can certainly edit the configurations to suit your requirements.


When a SSL certificate is installed should not be installed from webuzo also for email automatically?
So if i try to configure the email in a client i dont have the error of missmatch certificate with imap.example.com?

Do you know now if a SSL certificate is installed it work on the website side but not in email side?
Do you think this can be improved?

Thanks.

Posted By: valley on July 30, 2014, 9:58 am | Post: 3
Quote From : peopleinside July 30, 2014, 8:06 am
Quote From : valley July 30, 2014, 5:15 am
Yes, you can certainly edit the configurations to suit your requirements.


When a SSL certificate is installed should not be installed from webuzo also for email automatically?
So if i try to configure the email in a client i dont have the error of missmatch certificate with imap.example.com?

Do you know now if a SSL certificate is installed it work on the website side but not in email side?
Do you think this can be improved?

Thanks.


We shall make this provision in Webuzo


-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter


Posted By: Guest on March 22, 2015, 6:25 pm | Post: 4
I continue to look into this issue:
http://www.softaculous.com/board/index.php?tid=7342&title=PHP_5.6_and_SSL/TLS_email_authentication

now PHP 5.6 required a valid certificate so issue with email because email managed by webuzo use TLS or Self Signed certificate who are not recognized as secure.. so some script as Hesk, Wordpress SMTP not work also incoming email because can't be established a secure connection and so PHP 5.6 refuse that.

There is some update on this?

Posted By: valley on March 24, 2015, 6:46 am | Post: 5
We shall replicate the issue and provide a solution ASAP.
Apology for the inconvenience caused.

-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter


Posted By: wolke on April 27, 2015, 7:28 am | Post: 6
Installing a cert for a website should certainly not working automagically for the email server. If you have a cert for mydomain.com (web) and you are using mail.mydomain.com (for mail) it won´t work unless you have an expensive multiple-domain cert.

But there should be a choice for which services the installed cert is good.will be used.

Posted By: Guest on April 27, 2015, 9:32 am | Post: 7
Yes wolke is true.
So for made email works maybe needs an expensive certificate or two certificate, once for the domain (website) and one for email.

For email will be the same kind of certificate for website with the only difference in address like mail.domain.com?

And once I had bayed this certificate does Webuzo help to install in email side? I think not. Webuzo helps only in web side.

Posted By: wolke on April 28, 2015, 9:41 am | Post: 8
You are in no way obliged to buy a multidomain cert for that. Regarding the php 5.6 issue: Client stream wrappers only changed the default way of working. Now the default is to verify peer and peername. It does´nt mean that self-signed certs can´t be used any longer. The default behaviour can easily be changed.

Quote

    The default CA bundle may be overridden on a global basis by setting
    either the openssl.cafile or openssl.capath configuration setting, or on a
    per request basis by using the
    cafile or
    capath
    context options.
 

 
    While not recommended in general, it is possible to disable peer
    certificate verification for a request by setting the
    verify_peer
    context option to FALSE, and to disable peer name validation by setting
    the verify_peer_name
    context option to FALSE.
 


Source. http://php.net/manual/en/migration56.incompatible.php


Edited by wolke : April 28, 2015, 9:41 am

Posted By: Guest on April 28, 2015, 11:36 am | Post: 9
Many thanks @wolke,

if i don't want disableverify_peer and can't by a multi domain certificate can i solve buying a certificate for mail.example.com ? Do you think this will solve?

Solve.. after buying this I need know how to configure for work in email.. because SSL is now right installed - thanks to Webuzo interface but this is for the website, for fix insecure email i don't know how to do that after buying a certificate mail.example.com

Posted By: wolke on April 29, 2015, 11:19 am | Post: 10
I don´treally understand why you do not simply use example.com for mailservices, use your existing example.com cert and change configuration of dovecot/exim by hand. Log in as root on a shell and for dovecot goto

/etc/dovecot/conf.d/10-auth.conf

Documentation about the settings under: http://wiki2.dovecot.org/SSL

You may want to repeat these steps for other services like exim or your ftp server.




Edited by wolke : April 29, 2015, 11:19 am

Posted By: valley on June 12, 2015, 6:34 am | Post: 11
Thanks for the info.

-----------------------
Webuzo : Single User Control Panel
Join Webuzo :
Facebook
Twitter


Posted By: Guest on June 14, 2015, 8:47 pm | Post: 12
You can configure domain.com as mailserver? I think you should have mail.domain.com

because when you configure software like Thunderbird the address is mail.domain.com and my certificate not include the subdomain.

Now i installed a SSL for mail.domain.com and setup on 10-ssl.conf file for dovecot and exim.conf file but not work.

I can't send email.. so using TLS all work fine but every time someone add an email is untrusted certificate from client email so this generate warning.

I can't find in Internet a video or guide to how set email certificate for email client on VPS.

Posted By: wolke on June 15, 2015, 5:42 am | Post: 13
You can use whatever you want as Mailserver Domain as long as you put the proper mx entries in DNS. This has nothing to do with your email client which you can -of course- configure to use domain.com as mailserver. Don´t use the new account wizard or change the settings afterwards.

You may have to add the intermediary certificate from the CA (merge into your cert or as a file) to the dovecot/exim config to have your cert recognized as valid.

And you should watch the logs after dovecot / exim restart. Any Errors? Maybe a can´t read certificate file? Then take care about file permissions.


Edited by wolke : June 15, 2015, 5:44 am

Posted By: Guest on June 15, 2015, 7:49 am | Post: 14
Thank you @wolke!
You are very kind and patient to reply to me.

For now I've generated a Startssl certificate but when i check the pem file via SSH with

@ opensll verify cert.pem i see an error so i started a topic on startSSL Forum.

unable to load certificate
PEM routines :P EM_read_bio:bad end line:pem_lib.c:802:

I will see.
Thanks.

Powered By AEF 1.0.8 © 2007-2008 Electron Inc.