Page 1 of 2 | 1 | 2 | > | >> | All |
Posted By: peopleinside on July 29, 2014, 3:48 pm |
Hi,
i have installed a SSL certificate, i see there are correctly created certificate for dovecot but is not in use.. if i go on dovecot/conf.d/10-ssl.conf the key and the .pem file is the default not the installed SSL This should change when a SSL is installed and should come back to the original if certificate is unistalled from webuzo. ----------------------- PeopleInside Web, security, open source passionate. |
Posted By: valley on July 30, 2014, 5:15 am | Post: 1 |
Yes, you can certainly edit the configurations to suit your requirements.
----------------------- Webuzo : Single User Control Panel Join Webuzo : |
Posted By: peopleinside on July 30, 2014, 8:06 am | Post: 2 |
Quote From : valley July 30, 2014, 5:15 am Yes, you can certainly edit the configurations to suit your requirements. When a SSL certificate is installed should not be installed from webuzo also for email automatically? So if i try to configure the email in a client i dont have the error of missmatch certificate with imap.example.com? Do you know now if a SSL certificate is installed it work on the website side but not in email side? Do you think this can be improved? Thanks. ----------------------- PeopleInside Web, security, open source passionate. |
Posted By: valley on July 30, 2014, 9:58 am | Post: 3 |
Quote From : peopleinside July 30, 2014, 8:06 am Quote From : valley July 30, 2014, 5:15 am Yes, you can certainly edit the configurations to suit your requirements. When a SSL certificate is installed should not be installed from webuzo also for email automatically? So if i try to configure the email in a client i dont have the error of missmatch certificate with imap.example.com? Do you know now if a SSL certificate is installed it work on the website side but not in email side? Do you think this can be improved? Thanks. We shall make this provision in Webuzo ----------------------- Webuzo : Single User Control Panel Join Webuzo : |
Posted By: peopleinside on March 22, 2015, 6:25 pm | Post: 4 |
I continue to look into this issue:
http://www.softaculous.com/board/index.php?tid=7342&title=PHP_5.6_and_SSL/TLS_email_authentication now PHP 5.6 required a valid certificate so issue with email because email managed by webuzo use TLS or Self Signed certificate who are not recognized as secure.. so some script as Hesk, Wordpress SMTP not work also incoming email because can't be established a secure connection and so PHP 5.6 refuse that. There is some update on this? ----------------------- PeopleInside Web, security, open source passionate. |
Posted By: valley on March 24, 2015, 6:46 am | Post: 5 |
We shall replicate the issue and provide a solution ASAP.
Apology for the inconvenience caused. ----------------------- Webuzo : Single User Control Panel Join Webuzo : |
Posted By: peopleinside on April 27, 2015, 9:32 am | Post: 7 |
Yes wolke is true.
So for made email works maybe needs an expensive certificate or two certificate, once for the domain (website) and one for email. For email will be the same kind of certificate for website with the only difference in address like mail.domain.com? And once I had bayed this certificate does Webuzo help to install in email side? I think not. Webuzo helps only in web side. ----------------------- PeopleInside Web, security, open source passionate. |
Posted By: wolke on April 28, 2015, 9:41 am | Post: 8 |
You are in no way obliged to buy a multidomain cert for that. Regarding the php 5.6 issue: Client stream wrappers only changed the default way of working. Now the default is to verify peer and peername. It does´nt mean that self-signed certs can´t be used any longer. The default behaviour can easily be changed.
Quote The default CA bundle may be overridden on a global basis by setting either the openssl.cafile or openssl.capath configuration setting, or on a per request basis by using the cafile or capath context options. While not recommended in general, it is possible to disable peer certificate verification for a request by setting the verify_peer context option to FALSE, and to disable peer name validation by setting the verify_peer_name context option to FALSE. Source. http://php.net/manual/en/migration56.incompatible.php Edited by wolke : April 28, 2015, 9:41 am |
Posted By: peopleinside on April 28, 2015, 11:36 am | Post: 9 |
Many thanks @wolke,
if i don't want disableverify_peer and can't by a multi domain certificate can i solve buying a certificate for mail.example.com ? Do you think this will solve? Solve.. after buying this I need know how to configure for work in email.. because SSL is now right installed - thanks to Webuzo interface but this is for the website, for fix insecure email i don't know how to do that after buying a certificate mail.example.com ----------------------- PeopleInside Web, security, open source passionate. |
Posted By: wolke on April 29, 2015, 11:19 am | Post: 10 |
I don´treally understand why you do not simply use example.com for mailservices, use your existing example.com cert and change configuration of dovecot/exim by hand. Log in as root on a shell and for dovecot goto
/etc/dovecot/conf.d/10-auth.conf Documentation about the settings under: http://wiki2.dovecot.org/SSL You may want to repeat these steps for other services like exim or your ftp server. Edited by wolke : April 29, 2015, 11:19 am |
Posted By: valley on June 12, 2015, 6:34 am | Post: 11 |
Thanks for the info.
----------------------- Webuzo : Single User Control Panel Join Webuzo : |
Posted By: peopleinside on June 14, 2015, 8:47 pm | Post: 12 |
You can configure domain.com as mailserver? I think you should have mail.domain.com
because when you configure software like Thunderbird the address is mail.domain.com and my certificate not include the subdomain. Now i installed a SSL for mail.domain.com and setup on 10-ssl.conf file for dovecot and exim.conf file but not work. I can't send email.. so using TLS all work fine but every time someone add an email is untrusted certificate from client email so this generate warning. I can't find in Internet a video or guide to how set email certificate for email client on VPS. ----------------------- PeopleInside Web, security, open source passionate. |
Posted By: peopleinside on June 15, 2015, 7:49 am | Post: 14 |
Thank you @wolke!
You are very kind and patient to reply to me. For now I've generated a Startssl certificate but when i check the pem file via SSH with @ opensll verify cert.pem i see an error so i started a topic on startSSL Forum. unable to load certificate PEM routines EM_read_bio:bad end line:pem_lib.c:802: I will see. Thanks. ----------------------- PeopleInside Web, security, open source passionate. |