Group: netwin.surgemail
From: Tom Cross <tomc@html.com.au>
Subject: [SurgeMail List] SSL Certs for Domains
Date: Wed, 03 May 2017 12:12:00 +1000

Hi 
Some customers are having problems when connecting through Chrome and Firefox.
Saying connection is saying "Connection Not Secure"
A couple of other customers as well as that have their Anti Virus (Avast and Vipre)
Refusing connection to the site.
We have IP Based Domains on the mail server.
Do we have to and how do we setup certificates for each domain please??
 
tom cross
m: 0418 295 336
partner HTMLnet.


 

Click for full image 8k
From: surgemail-support <surgemail-support@netwinsite.com>
Date: Wed, 3 May 2017 15:10:54 +1200

This is a multi-part message in MIME format.
--------------A5B90ACA81824E2B2C23DE56
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Yes you need ssl certificates, unsigned ssl is no longer considered 
acceptable as it leaves giant gaping security issues.

You don't strictly need one for every domain if your users are happy to 
connect to a primary domain instead of their own domain.

But normally one would setup a certificates for each domain.

So first set g_ssl_per_domain "true" (or not)

Then In the web admin too open the ssl config page to create a 'csr' for 
each domain, then use your favorite ssl registration service to get a 
signed certificate for each domain, and install them by placing the 
surge_cert.pem files in the appropriate surgemail/ssl/domain.name 
folders, also you will need to add the intermediate certificates to the 
surge_cert.pem file..

See more details here: http://netwinsite.com/surgemail/help/secure.htm

To make it easier I recommend

1) update to the latest surgemail from our website (we fixed some things 
in the ssl admin pages recently so this will save you time)

2) you may wish to use letsencrypt instead of standard certificates, 
letsencrypt is free.  (this also requires the latest surgemail)

     http://netwinsite.com/surgemail/help/letsencrypt.htm

     ChrisP.


On 3/05/2017 2:12 p.m., Tom Cross wrote:
> Hi
> Some customers are having problems when connecting through Chrome and 
> Firefox.
> Saying connection is saying "Connection Not Secure"
> A couple of other customers as well as that have their Anti Virus 
> (Avast and Vipre)
> Refusing connection to the site.
> We have IP Based Domains on the mail server.
> Do we have to and how do we setup certificates for each domain please??
> tom cross
> m: 0418 295 336
> partner HTMLnet.
>
>

-- 
I'd really appreciate it if you could take a moment to like us on 
FaceBook <https://www.facebook.com/SurgeMail-194672027239873>, thanks 
heaps! ChrisP.

--------------A5B90ACA81824E2B2C23DE56
Content-Type: multipart/related;
 boundary="------------57C999B494AEBAB29E71311F"


--------------57C999B494AEBAB29E71311F
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Yes you need ssl certificates, unsigned ssl is no longer
      considered acceptable as it leaves giant gaping security issues.</p>
    <p>You don't strictly need one for every domain if your users are
      happy to connect to a primary domain instead of their own domain.</p>
    <p>But normally one would setup a certificates for each domain.</p>
    <p>So first set g_ssl_per_domain "true" (or not) <br>
    </p>
    <p>Then In the web admin too open the ssl config page to create a
      'csr' for each domain, then use your favorite ssl registration
      service to get a signed certificate for each domain, and install
      them by placing the surge_cert.pem files in the appropriate
      surgemail/ssl/domain.name folders, also you will need to add the
      intermediate certificates to the surge_cert.pem file..</p>
    <p>See more details here:
      <a class="moz-txt-link-freetext" href="http://netwinsite.com/surgemail/help/secure.htm">http://netwinsite.com/surgemail/help/secure.htm</a><br>
    </p>
    <p>To make it easier I recommend</p>
    <p>1) update to the latest surgemail from our website (we fixed some
      things in the ssl admin pages recently so this will save you time)</p>
    <p>2) you may wish to use letsencrypt instead of standard
      certificates, letsencrypt is free.  (this also requires the latest
      surgemail)<br>
    </p>
    <p>    <a class="moz-txt-link-freetext" href="http://netwinsite.com/surgemail/help/letsencrypt.htm">http://netwinsite.com/surgemail/help/letsencrypt.htm</a><br>
    </p>
    <p>    ChrisP.</p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 3/05/2017 2:12 p.m., Tom Cross
      wrote:<br>
    </div>
    <blockquote cite="mid:59093c70.680.bf0.7787@html.com.au" type="cite">
      <style>
 .sw_message P{margin:0px;padding:0px;}
 .sw_message {FONT-SIZE: 12pt;FONT-FAMILY:Tahoma,Arial,Helvetica,sans-serif;background:white;}
 .sw_message blockquote{margin-left:5px;padding-left:5px;border-left:2px solid #144fae;color: #144fae;}
 .sw_message blockquote blockquote{border-left:2px solid #006312;color: #006312;}
 .sw_message blockquote blockquote blockquote{border-left:2px solid #8e5656;color: #8e5656;}
 .sw_message blockquote blockquote blockquote blockquote{border-left:2px solid #888;color: #888;}
</style>
      <div>Hi </div>
      <div>Some customers are having problems when connecting through
        Chrome and Firefox.</div>
      <div>Saying connection is saying "Connection Not Secure"</div>
      <div>A couple of other customers as well as that have their Anti
        Virus (Avast and Vipre)</div>
      <div>Refusing connection to the site.</div>
      <div>We have IP Based Domains on the mail server.</div>
      <div>Do we have to and how do we setup certificates for each
        domain please??</div>
      <div> </div>
      <div id="editor_signature">tom cross
        <div>m: 0418 295 336</div>
        <div>partner HTMLnet.<br>
          <img src="cid:part1.31FF1862.79A9B991@netwinsite.com"><br>
        </div>
        <br>
      </div>
      <div> </div>
    </blockquote>
    <br>
    <div class="moz-signature">-- <br>
      I'd really appreciate it if you could take a moment to <a
        href="https://www.facebook.com/SurgeMail-194672027239873">
        like us on FaceBook</a>, thanks heaps! ChrisP.
    </div>
  </body>
</html>

--------------57C999B494AEBAB29E71311F
Content-Type: image/png

--------------A5B90ACA81824E2B2C23DE56--