SurgeMail Archive: Re: [SurgeMail List] Secure email problem

Subject:	Re: [SurgeMail List] Secure email problem
From:	Steffen
Date:	18-Jan-2012
SNI is very limited supported by current browsers. I am using wildcards certificates with all the domains on the same IP, no problems with IMAP etc.. For surgeweb I use Apache with SSL in front of Surge via reverse proxy. All the benefits like deflate, access etc. are then available with apache. Steffen. www.apachelounge.com Op 18 jan. 2012 om 10:01 heeft Surgemail Support (Marijn) <surgemail-support@netwinsite.com> het volgende geschreven: Not as yet no, I was not even aware of that technology. I'll discuss with chris and have a go at implementing it in short order. Browser support still seems a little limited but definitely getting to be more mainstream (with the notable exception of any form of IE under windows XP). Thanks for pointing that out :-)) Marijn On Wednesday 18/01/2012 at 5:59 pm, surgemailHIDDEN@etwinsite.com wrote: So SurgeMail doesn't support SNI? Frank -----Original Message----- From: Surgemail Support [mailto:surgemailHIDDEN@t@netwinsite.com] Sent: Tuesday, January 17, 2012 4:18 PM To: surgemail-list@netwinsite.com Subject: Re: [SurgeMail List] Secure email problem Hi I just checked the source for the surgevault message generation, it looks like it should use the url_host as specified in surgemail.ini for the domain in question to generate the email secure. This means I think that the urls in the surgevault emails fall under the same rules as the surgeweb interface rules etc. ie you can have one certificate for all the domains on the server, but in order to not get any warnings you must make sure that all the domains use the same hostname in the url they use to connect to surgeweb etc. Alternatively, you can have the normal configuration of a separate hostname per domain. But for SSL to not come up with warnings you would need a separate certificate per domain, and separate ip address per domain is also needed to have surgemail identify the domain in question. Let me know if anyone has observations to the contrary. Marijn On Saturday 14/01/2012 at 5:10 am, Martin Abell wrote: We really like the ability in the new webmail client to send a secure email (i.e., an email with a link to a secure website that has the message). However, we have over a hundred domains that could use this, and if they do, the browser will complain about the certificate (the one for the server) not matching the domain name of the sender. Since purchasing and setting up and maintaining a large number of secure certificates is out of the question, wonder if anyone has an idea how to handle this. We could try to warn the person clicking on the link in the email they get that this will happen, but... not optimum. Larry and Martin SpeedSpan Cincinnati

Last Message | Next Message


Search website: