On Tue, May 24, 2005 at 01:55:39PM +0100, Matt Parker wrote:
Chris Green wrote:
The sort of level of security that ssh provides would be ideal, however expecting users to set up an ssh tunnel whenever they want to read their mail is probably a non-starter.
Why not just generate an SSL key for Apache? You only have to buy a certificate if you want the "error" message to go away. Visit https://webmail.mpcontracting.co.uk to see if the "error" is acceptable to your users.
Yes, that's OK, we already get that when using the webmail on the site that hosts isbd.co.uk (since there's not a certificate for isbd.co.uk).
Here's a good primer on the procedure - http://slacksite.com/apache/certificate.html
I had looked at this before but one thing isn't clear - does the client have to do anything at all for this to work? If not then I'm confused about how SSL works, I thought the client had to provide a key of some sort.
Thanks for the http.conf changes, they don't look too onerous though I get bad feelings about what happens when I upgrade my Linux box and have to migrate all the customisation.