#1
17th December 2009, 14:21
carlosinfl
Secure My Apache Config

I have a mail server running Postfix & Apache for a webmail application. I followed this guide, which walks you through creating self-signed SSL certificates for Postfix and Dovecot. The SSL certs are working fine, since I tested them with TLS / SASL via email; however, my question is: can I also use the same generated SSL certificates to make my webmail session via Apache secure?

My DocumentRoot is configured to take you to *mydomain.us* and then there is a link for *mydomain.us/webmail*, and the webmail subdirectory is what I would like to be running on port 443.

Anyone know if this is possible without some crazy configuration modifications? I would think I simply need to add a 'virtual host' entry in the /etc/httpd/conf/httpd.conf file pointing to the location of my SSL certificates on the server.

#2
17th December 2009, 15:08
Mark_NL

You are correct, sir.

You need to create a new VirtualHost on port 443 and define the SSL options inside that VirtualHost scope.

f.e.

Code:
<VirtualHost 1.2.3.4:443>
 VirtualDocumentRoot /path/to/your/webmail
 ServerName		webmail.yourdomain.tld

 SSLEngine On
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateKeyFile /path/to/your/ssl/cert/server.key
 SSLCertificateFile /path/to/your/ssl/cert/server.cert
</VirtualHost>
Your webmail will now be available through: https://webmail.yourdomain.tld

#3
17th December 2009, 15:23
carlosinfl

Quote:
Originally Posted by Mark_NL
f.e.

Code:
<VirtualHost 1.2.3.4:443>
 VirtualDocumentRoot /path/to/your/webmail
 ServerName		webmail.yourdomain.tld

 SSLEngine On
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateKeyFile /path/to/your/ssl/cert/server.key
 SSLCertificateFile /path/to/your/ssl/cert/server.cert
</VirtualHost>

With my current config without the SSL or Virtual Host, I access webmail only by going to www.mydomain.tld/webmail.

Quote:
Originally Posted by Mark_NL
Your webmail will now be available through: https://webmail.yourdomain.tld

Oh so now with this entry I can access my webmail server with an alias? Even if my server hostname is not 'webmail', I should still be able to do some kind of redirect from https://www.yourdomain.tld >> https://webmail.yourdomain.tld?

#4
17th December 2009, 15:24
carlosinfl

Quote:
Originally Posted by Mark_NL
f.e.

Code:
<VirtualHost 1.2.3.4:443>
 VirtualDocumentRoot /path/to/your/webmail
 ServerName		webmail.yourdomain.tld

 SSLEngine On
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateKeyFile /path/to/your/ssl/cert/server.key
 SSLCertificateFile /path/to/your/ssl/cert/server.cert
</VirtualHost>

With my current config without the SSL or Virtual Host, I access webmail only by going to www.mydomain.tld/webmail.

Quote:
Originally Posted by Mark_NL
Your webmail will now be available through: https://webmail.yourdomain.tld

Oh so now with this entry I can access my webmail server with an alias? Even if my server hostname is not 'webmail', I should still be able to do some kind of redirect from https://www.yourdomain.tld >> https://webmail.yourdomain.tld?

Right now w/o the SSL or Virtual Host config, I access my webmail via http as www.mydomain.tld/webmail.

#5
17th December 2009, 15:44
Mark_NL

So currently you have:
http://www.mydomain.tld/webmail

and you want to reach webmail via
https://www.mydomain.tld/webmail
as well?

Since webmail is an alias (points to a Directory directive), you would need to configure a global SSL setting so you can reach ALL websites with or w/o SSL.

If you run one domain on it and want normal/SSL connections to the website and the webmail alias, just copy and paste your existing VirtualHost, change the port to 443 and add the SSL options, save, restart, done.
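
The procedure from this reply (copy the existing VirtualHost, change the port to 443, add the SSL options) written out as an added example that is not from either poster, with the cipher line tightened: the `SSLCipherSuite` string posted in this thread starts from `ALL` and removes only `ADH` and `EXPORT56`, which leaves 40-bit export, `LOW` and RC4 suites eligible wherever the OpenSSL build still offers them. Assumptions: the `/path/to/...` placeholders, a single site named www.mydomain.tld, the port-80 redirect for /webmail, and a 2.4-era httpd whose mod_ssl accepts the TLSv1.1 token.

```apache
# Added example; placeholder paths and names are assumptions, not the posters' values.
# Requires mod_ssl to be loaded and a "Listen 443" somewhere in the server config.

# Plain-HTTP copy of the site: served as before, except that the webmail
# path is sent to HTTPS so logins never travel in clear text.
<VirtualHost *:80>
    ServerName   www.mydomain.tld
    DocumentRoot "/path/to/your/site"
    Redirect permanent /webmail https://www.mydomain.tld/webmail
</VirtualHost>

# The same site on port 443 with the SSL options added.
<VirtualHost *:443>
    ServerName   www.mydomain.tld
    DocumentRoot "/path/to/your/site"

    SSLEngine on
    SSLCertificateFile    "/path/to/your/ssl/cert/server.cert"
    SSLCertificateKeyFile "/path/to/your/ssl/cert/server.key"

    # Weak form posted in the thread (kept only for comparison):
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Corrected form: start from HIGH only and explicitly exclude anonymous,
    # null, export, RC4, MD5 and 3DES suites; drop the legacy protocols.
    SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite      HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!3DES
    SSLHonorCipherOrder on
</VirtualHost>
```

`apachectl configtest` checks the syntax before the restart, and `openssl ciphers -v '<string>'` lists the suites a cipher string expands to on the local OpenSSL build.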

#6
17th December 2009, 19:05
carlosinfl

Thanks all for the awesome help. I will do this today and post back if something doesn't work.

-Carlos

#7
17th December 2009, 20:18
carlosinfl

There is no "Virtual Host" entry in my 'httpd.conf' file but I did find on my Linux distribution (Arch Linux) a /etc/httpd/conf/extra/httpd-ssl.conf. In that file I have the following:

Code:
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/var/run/httpd/ssl_mutex"

<VirtualHost _default_:443>

DocumentRoot "/srv/http/webmail"
ServerName www.mydomain.tld:443
ServerAdmin admin@mydoma.tld
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/path/to/server.crt"
SSLCertificateKeyFile "/path/to/server.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/http/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog "/var/log/httpd/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
Do I need to copy the uncommented entries I posted above from the httpd-ssl.conf file to the bottom of my httpd.conf file?