Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Security
security Error: Domain Name Mismatch
You have attempted to establish a connection with
"www.domain.com". However, the security certificate
presented belongs to "localhost". It is possible though
unlikely, that someone may be trying to intercept your
communication with this website.
If you suspect the certicate shown does not belong to
"www.domain.com". please cancel the connection and notify
the site administrator.
[Vies Certificate] [Cancel] [OK]
I'm prepared creating SelfSigned SSL certificate to satisty it. Googling brought me lot of documents. After screening I found follows may be suitable for my application;
If you're just wanting to create a self signed certificate for https, then follow one of the ones to create one for apache. If you only want your MTA to have a SSL cert, then follow the howto for it.
Squirrelmail will usually only need localhost access to IMAP, so you really don't need to create a SSL cert for this, just lockout IMAP from the outside world and only allow localhost access, unless you want users the ability to retrieve their email without using squirrelmail.
If you're just wanting to create a self signed certificate for https, then follow one of the ones to create one for apache. If you only want your MTA to have a SSL cert, then follow the howto for it.
Squirrelmail will usually only need localhost access to IMAP, so you really don't need to create a SSL cert for this, just lockout IMAP from the outside world and only allow localhost access, unless you want users the ability to retrieve their email without using squirrelmail.
My main purpose creating Self-signed certificate on postix is to get rid off the warning on first time starting Firefox/SquirrelMail each day or after reboot. Besides I can learn its creation which is of minor importance.
Contrary to intuition, this problem has nothing to do with Postfix. The trouble is that your webserver is presenting a certificate that was generated for the machine "localhost", but is being used as a front for "domain.com". You need to generate a certificate that claims to represent "domain.com"; unfortunately, none of the scripts you listed shows exactly how to do that.
The command set you need for this task is openssl x509; the manpage for x509 describes the options. When the script comes to the point of asking you for the "Common Name" to be included in the certificate, you need to answer "www.domain.com".
The bad news is that, even with all this, when a browser first visits your site, it is still going to complain about your certificate, only now instead of complaining that the hostname doesn't match, it is going to complain that the certificate is of doubtful authenticity, since it is self-signed. Oh well, unless you are willing to plunk down some cash to get a trusted authority to vouch for you, that is the price of doing business in these latter days.
lots of good docs and walk throughs. You first want to create a self signed cert for apache and then you might want to create one for your mail server too (for encrypted pop/smtp access.)
My main purpose creating Self-signed certificate on postix is to get rid off the warning on first time starting Firefox/SquirrelMail each day or after reboot. Besides I can learn its creation which is of minor importance.
B.R.
satimis
You should really explain that then. You asked which one you should use, I answered. Now you're just wanting to get rid of the warning that pops up which will occur on any signed certificate, you need to tell your browser to accept on future connections, which is totally different but you should understand the difference between the certs if you ask about them, since apparently you did not even understand your own question or problem to begin with going with what you asked originally. There is nothing you need to do on the cert or server side of things if your browser is being stupid and prompts each time even after you import to accept it,that's a browser issue at this point.
You should really explain that then. You asked which one you should use, I answered. Now you're just wanting to get rid of the warning that pops up which will occur on any signed certificate, you need to tell your browser to accept on future connections, which is totally different but you should understand the difference between the certs if you ask about them, since apparently you did not even understand your own question or problem to begin with going with what you asked originally. There is nothing you need to do on the cert or server side of things if your browser is being stupid and prompts each time even after you import to accept it,that's a browser issue at this point.
Sorry I got a wrong answer on SquirrelMail mailing list.
When I found that warning during installing and configuring SquirrelMail, I posted the problem on their mailing list. I was anwsered that this is admin problem on server and that I should not ask that question on their list. I was advised either to buy a SSL certificate or to create a Self_signed SSL certificate myself.
So I search the whole world finding relevant document to build Self_signed SSL certicate. In fact my main target is to get rid off that warning. In addition I'm also interested on learning building the said certificate.
That is the whole story. Although SquirrelMail is now working fine on the server I'm still having lot of work on fine-tuning it. So if I can find a short way stopping the warning I prefer set aside creating the Self_signed SSL certificate for the time being.
That is the whole story. Although SquirrelMail is now working fine on the server I'm still having lot of work on fine-tuning it. So if I can find a short way stopping the warning I prefer set aside creating the Self_signed SSL certificate for the time being.
That's the problem from what you've described though. Create your SSL certificate for Apache to run https. The first time it prompts, accept and tell your browser to trust it on future connections. If it keeps prompting, it's an issue with Firefox, not the certificate.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.