Secure URL

[LMStone]

Quote:

Originally Posted by phoenix

That bug seems to be scheduled to be fixed in the next major release, just send an email to support with your comments and ask for your case to be added to the bug - that will do it.

Thanks for the follow up; it is sincerely appreciated!

Would "the next major release" be 4.5.3 or 5.0.0?

All the best,
Mark

[bobby]

pfefferc:
what version of ZCS are you running? have you already attempted customization of Login.jsp?

LMStone:
the workaround is pretty simple:

1. Edit /opt/zimbra/tomcat/webapps/zimbra/public/Login.jsp and comment out this
statement so that http connections are *never redirected back* to http:

Code:

  qs = emptyQs? "?initMode=" + currentProto: qs + "&initMode=" +
  currentProto;

2. Set the mail mode to mixed to allow the initial http connections that will be redirected to https:

Code:

zmtlsctl mixed
tomcat restart

edit: the "next major release" will be ZCS 5.0

[fizi]

For my server this is how I do my redirect.

At http://webmail.mydomain.ca/ it loads a PHP page as follows:

PHP Code:

<?php

header("Location: https://webmail.mydomain.ca/"); //Redirect to secure webmail

?>

I haven't had a single problem with it switching back to http.

Edit: Oh the reason why I do this is because I already have a web server running on 80 (HTTP) and I have Zimbra Webmail running ONLY on 443 (HTTPS).

[robbyt]

what i've done to get around this is run lighttpd on port 80, and have zimbra only setup for https. then when anyone connects to my separate lighttpd running on p80, the get a 320 that points them to https

good to know that the proper fix is on it's way though!

[Rich Graves]

For those of you in sensitive environments, please be aware of http://bugzilla.zimbra.com/show_bug.cgi?id=14538

I'd originally sent that as a private support request, but it looks like they made it public. Until that issue is fully addressed, then you might want to force your users to type in or bookmark the https.

[Rich Graves]

Re fizi's reply: You might need something that's able to redirect http://zimbra/some/specific/url to https://zimbra/some/specific/url, not just the top level redirect.

The reason for this is that Apple's iCal, and possibly other things, supports https but won't let you type in https URLs. So to subscribe to a public Zimbra calendar (without the iSync connector), you need to enter the URL as http:// or webcal://, accept the redirect, and internally use https.

[fizi]

Quote:

Originally Posted by Rich Graves

Re fizi's reply: You might need something that's able to redirect http://zimbra/some/specific/url to https://zimbra/some/specific/url, not just the top level redirect.

The reason for this is that Apple's iCal, and possibly other things, supports https but won't let you type in https URLs. So to subscribe to a public Zimbra calendar (without the iSync connector), you need to enter the URL as http:// or webcal://, accept the redirect, and internally use https.

I am the sole user of my mail server and I don't use a Mac

Thanks for the tip though! A quick modification of that php script could do exactly what you are asking.

[wifi_guy]

Hey guys,

I am coming into this one a little late. I keep hearing this issue will be fixed in the next major release, which sounded like it would be 5.0?

I am running 7.0, shouldn't this be fixed by now? We are seeing this issue where our clients go to the FQDN, while the login page is https, once logged in it rolls back to http.

We are running zmtlsctl mixed.

Thoughts?