Navigation

carlosinfl · #1 17th December 2009, 14:21

I have a mail server running Postfix & Apache for web mail application. I followed this guide which walks you through creating 'self signed SSL certificates for Postfix and Dovecot. The SSL certs are working fine since I tested them with TLS / SASL via email however my question is can I also use the same generated SSL certificates to make my webmail session via Apache secure?

My DocumentRoot is configued to take you to *mydomain.us* and then there is a link for *mydomain.us/webmail* and the webmail sub directory is what I would like to be running on port 443.

Anyone know if this is possible with out some crazy configuration modifications? I would think I simply need to add a 'virtual host' entry in /etc/httpd/conf/httpd.conf file pointing to the location of my SSL certificates on the server.

Mark_NL · #2 17th December 2009, 15:08

You are correct sir

You need to create a new VirtualHost on port 443 and define ssl options inside that virtualhost scope

f.e.

Code:

<VirtualHost 1.2.3.4:443>
 VirtualDocumentRoot /path/to/your/webmail
 ServerName		webmail.yourdomain.tld

 SSLEngine On
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateKeyFile /path/to/your/ssl/cert/server.key
 SSLCertificateFile /path/to/your/ssl/cert/server.cert
</VirtualHost>

Your webmail will now be available through: https://webmail.yourdomain.tld

carlosinfl · #3 17th December 2009, 15:23

Quote:

Originally Posted by Mark_NL

f.e.

Code:

<VirtualHost 1.2.3.4:443>
 VirtualDocumentRoot /path/to/your/webmail
 ServerName		webmail.yourdomain.tld

 SSLEngine On
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateKeyFile /path/to/your/ssl/cert/server.key
 SSLCertificateFile /path/to/your/ssl/cert/server.cert
</VirtualHost>

With my current config without the SSL or Virtual Host, I access webmail only by going to www.mydomain.tld/webmail.

Your webmail will now be available through: https://webmail.yourdomain.tld

Oh so now with this entry I can access my webmail server with an alias? Even if my server hostname is not 'webmail', I should still be able to do some kind of redirect from https://www.yourdomain.tld >> https://webmail.yourdomain.tld?

carlosinfl · #4 17th December 2009, 15:24

Quote:

Originally Posted by Mark_NL

f.e.

Code:

<VirtualHost 1.2.3.4:443>
 VirtualDocumentRoot /path/to/your/webmail
 ServerName		webmail.yourdomain.tld

 SSLEngine On
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateKeyFile /path/to/your/ssl/cert/server.key
 SSLCertificateFile /path/to/your/ssl/cert/server.cert
</VirtualHost>

With my current config without the SSL or Virtual Host, I access webmail only by going to www.mydomain.tld/webmail.

Your webmail will now be available through: https://webmail.yourdomain.tld

Oh so now with this entry I can access my webmail server with an alias? Even if my server hostname is not 'webmail', I should still be able to do some kind of redirect from https://www.yourdomain.tld >> https://webmail.yourdomain.tld?

Right now w/o the SSL or Virtual Host config, I access my webmail via http as www.mydomain.tld/webmail.

Mark_NL · #5 17th December 2009, 15:44

So currently you have:
http://www.mydomain.tld/webmail

and you want to reach webmail via
https://www.mydomain.tld/webmail
as well?

Since webmail is an alias (points to a Directory directive), you would need to config a global SSL setting so you can reach ALL website with or w/o SSL ..

if you run one domain on it and want normal/ssl connections to the website and the webmail alias, just copy and paste your existing VirtualHost, change the port to 443 and add the SSL options, save, restart, done.

carlosinfl · #6 17th December 2009, 19:05

Thanks all for the awesome help. I will do this today and post back if something doesn't work.

-Carlos

carlosinfl · #7 17th December 2009, 20:18

There is no "Virtual Host" entry in my 'httpd.conf' file but I did find on my Linux distribution (Arch Linux) a /etc/httpd/conf/extra/httpd-ssl.conf. In that file I have the following:

Code:

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/var/run/httpd/ssl_mutex"

<VirtualHost _default_:443>

DocumentRoot "/srv/http/webmail"
ServerName www.mydomain.tld:443
ServerAdmin admin@mydoma.tld
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/path/to/server.crt"
SSLCertificateKeyFile "/path/to/server.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/http/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog "/var/log/httpd/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

Do I need to copy the uncommented entries I posted above from the httpd-ssl.conf file to the bottom of my httpd.conf file?

Navigation

Facebook

News

Recent comments

Newsletter