This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

SSL Basics

4 posts / 0 new

Topic locked

Last post

#1 Thu, 02/18/2010 - 11:55

gl3ny

SSL Basics

I found this quite helpful for anyone as dumb as me interested in basic SSL

http://www.verisign.com/ssl/ssl-information-center/ssl-resources/guide-s...

The trouble is verisign is tring to sell something and it looks like it can get very expensive with SSL certs so please forgive me for my stupid questions.

Do I need an SSL certificate to stop the browser warnings at the login (and is that because it is a self signed cert.) or and other https:// page hosted with virtualmin?
Do I need an SSL certificate for email (postfix, dovecot, etc) to be secure or to stop email client warnings?
If I purchase an SSL certificated do I need to purchase one for every domain, or a special one for multiple domains or can I get the cheap one from GoDaddy and use it for everything on Virtualmin/Webmin?

#2 Thu, 02/18/2010 - 12:22

andreychek

Howdy,

Do I need an SSL certificate to stop the browser warnings at the login or and other https:// page hosted with virtualmin?

Well, to be clear -- I think what you're asking for is more of a "commercial SSL cert".

You can setup an SSL certificate for free out of the box, but what you'll end up with is a self-signed certificate. And that'll encrypt your traffic and such and prevent any eavesdropping -- but web browsers and email clients will complain, since it's not signed by a trusted source.

The easiest way to solve that -- to get an SSL certificate signed by a trusted source -- is to buy one from a company such as GoDaddy.

At $30 a year or so, it's not prohibitively expensive or anything, and it makes those annoying warnings go away :-)

If I purchase an SSL certificated do I need to purchase one for every domain

That depends on how you plan to use it :-)

Personally, I'd suggest buying just one certificate for one domain on your server -- lets call it "primary_domain.com".

And then, setup your users so that they're connecting to "primary_domain.com" when checking email, or going to Virtualmin, and so forth.

-Eric

#3 Thu, 02/18/2010 - 13:40 (Reply to #2)

gl3ny

[quote]Personally, I'd suggest buying just one certificate for one domain on your server -- lets call it "primary_domain.com."

And then, setup your users so that they're connecting to "primary_domain.com" when checking email, or going to Virtualmin, and so forth"[/quote]

Does that mean that they would all have to have email accounts@primary_domain.com or is there a way to route it through the primary domains to still have email@other_domains.com?

#4 Thu, 02/18/2010 - 13:31

andreychek

Does that mean that they would all have to have email accounts@primary_domain.com

No, they can have any email address they want.

What it does mean is that when they setup Outlook or Thunderbird or whatever, that the SMTP and IMAP hosts they connect to would be primary_domain.com.

-Eric

Topic locked