Secure URL

[pfefferc]

I installed my SSL Certificate. When I type http://mydomain.com it will automatically redirect to https://mydomain.com. However, once I log in, it redirects back to http://mydomain.com.

If I type https://mydomain and log in, it stays at https://mydomain.com.

Any ideas why it won't stay at https???

[jholder]

Is this bug what you mean:
http://bugzilla.zimbra.com/show_bug.cgi?id=5594

-john

[LMStone]

Is this bug what you mean:
http://bugzilla.zimbra.com/show_bug.cgi?id=5594

-john

This bug is a big issue for us; we are trying to deploy Zimbra as a HIPAA-compliant intra-domain system and of course it means we need a workaround.

The behaviour we want is for a user to be able to type the server's FQDN in a browser (which means http initially), get redirected to an https login screen, and then stay https thereafter.

Right now, the only way to have an https-only session for some users and still have http work for others is to ask the https users to use a predefined shortcut, e.g.:

https://ourzimbraserver.ourdomain.co...initMode=https

That's a real detriment for deploying Zimbra for secure email usage.

Mark

[phoenix]

This bug is a big issue for us; we are trying to deploy Zimbra as a HIPAA-compliant intra-domain system and of course it means we need a workaround.

If that's important to you then you need to vote on it and raise a support case with Zimbra so they can attach it to the bug.

[LMStone]

If that's important to you then you need to vote on it and raise a support case with Zimbra so they can attach it to the bug.

I had already had a conversation with support about this when we first deployed Zimbra.

[marcmac]

If you want https only access, search the docs for the zmtlsctl command, which will do exactly that.

Or search the forums. Or the wiki.

[LMStone]

If you want https only access, search the docs for the zmtlsctl command, which will do exactly that.

Or search the forums. Or the wiki.

Sorry, I probably didn't describe the behaviour I'm seeking clearly so let me try again.

Non-technical users don't type "http.." in a browser, they type the FQDN of the Zimbra server only. Indeed, they resent having to type "htt..." and often incorrectly type (or forget to type) the colon and slashes.

Here is the use case I would like:

1. User types the FQDN of the Zimbra server in a browser.
2. Zimbra redirects the login screen to an https session to ensure the login credentials are encrypted when transmitted.
3. After a successful login, the session remains https, so all email traffic is also encrypted.

After speaking with Zimbra support after first installing 4.0.3NE and trying all of the zmtlsctl options, the above use case to my knowledge is not available in Zimbra.

If I'm wrong, apologies first, and then a request as to how I can correctly use the zmtlsctl command.

Thanks,
Mark

[phoenix]

Here is the use case I would like:

1. User types the FQDN of the Zimbra server in a browser.
2. Zimbra redirects the login screen to an https session to ensure the login credentials are encrypted when transmitted.
3. After a successful login, the session remains https, so all email traffic is also encrypted.

After speaking with Zimbra support after first installing 4.0.3NE and trying all of the zmtlsctl options, the above use case to my knowledge is not available in Zimbra.

As far as I know it's not available. The same answer from earlier applies - if you want a specific enhancement then you must create a bug report, vote on it and also raise a case with tech support so they can get it attached to the bug entry. Without that, nothing will be done. If there's no bug report then it will never get looked at. Do you have a bug report that describes your problem/requirement?

[LMStone]

As far as I know it's not available. The same answer from earlier applies - if you want a specific enhancement then you must create a bug report, vote on it and also raise a case with tech support so they can get it attached to the bug entry. Without that, nothing will be done. If there's no bug report then it will never get looked at. Do you have a bug report that describes your problem/requirement?

The bug is http://bugzilla.zimbra.com/show_bug.cgi?id=7631.

It seems to have been around since 3.1.1, which probably explains why support knew about it when I asked originally. I just voted for it and I'll call support tomorrow as you suggested to raise a more formal case regarding it.

Thanks for the help to get more attention focused on this bug.

All the best,
Mark

[phoenix]

That bug seems to be scheduled to be fixed in the next major release, just send an email to support with your comments and ask for your case to be added to the bug - that will do it.