I have a mail server running Postfix & Apache for a webmail application. I followed this guide which walks you through creating self-signed SSL certificates for Postfix and Dovecot. The SSL certs are working fine since I tested them with TLS / SASL via email; however, my question is: can I also use the same generated SSL certificates to make my webmail session via Apache secure? My DocumentRoot is configured to take you to *mydomain.us* and then there is a link for *mydomain.us/webmail*, and the webmail subdirectory is what I would like to be running on port 443. Anyone know if this is possible without some crazy configuration modifications? I would think I simply need to add a 'virtual host' entry in the /etc/httpd/conf/httpd.conf file pointing to the location of my SSL certificates on the server.
You are correct, sir. You need to create a new VirtualHost on port 443 and define SSL options inside that VirtualHost scope, for example:
Code:
    <VirtualHost 1.2.3.4:443>
        VirtualDocumentRoot /path/to/your/webmail
        ServerName webmail.yourdomain.tld
        SSLEngine On
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateKeyFile /path/to/your/ssl/cert/server.key
        SSLCertificateFile /path/to/your/ssl/cert/server.cert
    </VirtualHost>
Your webmail will now be available through: https://webmail.yourdomain.tld
Oh so now with this entry I can access my webmail server with an alias? Even if my server hostname is not 'webmail', I should still be able to do some kind of redirect from https://www.yourdomain.tld >> https://webmail.yourdomain.tld? Right now w/o the SSL or Virtual Host config, I access my webmail via http as www.mydomain.tld/webmail.
So currently you have: http://www.mydomain.tld/webmail and you want to reach webmail via https://www.mydomain.tld/webmail as well? Since webmail is an alias (points to a Directory directive), you would need to configure a global SSL setting so you can reach ALL websites with or w/o SSL. If you run one domain on it and want normal/SSL connections to the website and the webmail alias, just copy and paste your existing VirtualHost, change the port to 443 and add the SSL options, save, restart, done.
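The approach described in the reply above, written out as an added example (editor's illustration, not posted by anyone in this thread). The hostname and paths are placeholders, and it assumes mod_ssl is loaded and a `Listen 443` line already exists elsewhere in the configuration. It also shows the cipher string from the thread next to a tighter one.

```apache
# Added example: www.mydomain.tld and all paths are placeholders.

<VirtualHost *:443>
    ServerName www.mydomain.tld
    # Assumed layout: the site root, with webmail as a subdirectory of it.
    DocumentRoot "/srv/http"

    SSLEngine on

    # The same certificate/key pair generated for Postfix and Dovecot can be
    # referenced here. Browsers will warn about a self-signed certificate, and
    # the name in the certificate should match the ServerName above.
    SSLCertificateFile    "/path/to/server.crt"
    SSLCertificateKeyFile "/path/to/server.key"

    # Weak setting (the string used in this thread). "ALL" minus only ADH and
    # EXPORT56 leaves low-strength, 40-bit export and SSLv2-era suites enabled;
    # the trailing "+LOW:+SSLv2:+EXP" entries only move those suites to the end
    # of the preference list, they do not remove them.
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Corrected setting: no SSLv2/SSLv3, only high-strength suites, no
    # unauthenticated (aNULL) or MD5-based suites, and the server's
    # preference order wins over the client's.
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on
</VirtualHost>

# Plain-HTTP side: keep serving the main site, but send anything under
# /webmail to the HTTPS virtual host so logins never travel in clear text.
<VirtualHost *:80>
    ServerName www.mydomain.tld
    DocumentRoot "/srv/http"
    Redirect permanent /webmail https://www.mydomain.tld/webmail
</VirtualHost>
```

Running `apachectl configtest` before restarting catches syntax errors in the new blocks.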
Thanks all for the awesome help. I will do this today and post back if something doesn't work. -Carlos
There is no "Virtual Host" entry in my 'httpd.conf' file but I did find on my Linux distribution (Arch Linux) a /etc/httpd/conf/extra/httpd-ssl.conf. In that file I have the following:
Code:
    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache "shmcb:/var/run/httpd/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
    SSLMutex "file:/var/run/httpd/ssl_mutex"
    <VirtualHost _default_:443>
        DocumentRoot "/srv/http/webmail"
        ServerName www.mydomain.tld:443
        ServerAdmin [email protected]
        ErrorLog "/var/log/httpd/error_log"
        TransferLog "/var/log/httpd/access_log"
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile "/path/to/server.crt"
        SSLCertificateKeyFile "/path/to/server.key"
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/srv/http/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog "/var/log/httpd/ssl_request_log" \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>
Do I need to copy the uncommented entries I posted above from the httpd-ssl.conf file to the bottom of my httpd.conf file?