Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Secure URL

  1. #1
    pfefferc is offline Senior Member
    Join Date
    Jan 2007
    Posts
    58
    Rep Power
    8

    Question Secure URL

    I installed my SSL Certificate. When I type http://mydomain.com it will automatically redirect to https://mydomain.com. However, once I log in, it redirects back to http://mydomain.com.

    If I type https://mydomain and log in, it stays at https://mydomain.com.

    Any ideas why it won't stay at https???

  2. #2
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Is this bug what you mean:
    http://bugzilla.zimbra.com/show_bug.cgi?id=5594

    -john

  3. #3
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    10

    Default

    Quote Originally Posted by jholder View Post
    Is this bug what you mean:
    http://bugzilla.zimbra.com/show_bug.cgi?id=5594

    -john
    This bug is a big issue for us; we are trying to deploy Zimbra as a HIPAA-compliant intra-domain system and of course it means we need a workaround.

    The behaviour we want is for a user to be able to type the server's FQDN in a browser (which means http initially), get redirected to an https login screen, and then stay https thereafter.

    Right now, the only way to have an https-only session for some users and still have http work for others is to ask the https users to use a predefined shortcut, e.g.:

    https://ourzimbraserver.ourdomain.co...initMode=https

    That's a real detriment for deploying Zimbra for secure email usage.

    Mark

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by LMStone View Post
    This bug is a big issue for us; we are trying to deploy Zimbra as a HIPAA-compliant intra-domain system and of course it means we need a workaround.
    If that's important to you then you need to vote on it and raise a support case with Zimbra so they can attach it to the bug.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    10

    Default

    Quote Originally Posted by phoenix View Post
    If that's important to you then you need to vote on it and raise a support case with Zimbra so they can attach it to the bug.
    I had already had a conversation with support about this when we first deployed Zimbra.

  6. #6
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default

    If you want https only access, search the docs for the zmtlsctl command, which will do exactly that.

    Or search the forums. Or the wiki.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  7. #7
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    10

    Default

    Quote Originally Posted by marcmac View Post
    If you want https only access, search the docs for the zmtlsctl command, which will do exactly that.

    Or search the forums. Or the wiki.
    Sorry, I probably didn't describe the behaviour I'm seeking clearly so let me try again.

    Non-technical users don't type "http.." in a browser, they type the FQDN of the Zimbra server only. Indeed, they resent having to type "htt..." and often incorrectly type (or forget to type) the colon and slashes.

    Here is the use case I would like:

    1. User types the FQDN of the Zimbra server in a browser.
    2. Zimbra redirects the login screen to an https session to ensure the login credentials are encrypted when transmitted.
    3. After a successful login, the session remains https, so all email traffic is also encrypted.

    After speaking with Zimbra support after first installing 4.0.3NE and trying all of the zmtlsctl options, the above use case to my knowledge is not available in Zimbra.

    If I'm wrong, apologies first, and then a request as to how I can correctly use the zmtlsctl command.

    Thanks,
    Mark

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by LMStone View Post
    Here is the use case I would like:

    1. User types the FQDN of the Zimbra server in a browser.
    2. Zimbra redirects the login screen to an https session to ensure the login credentials are encrypted when transmitted.
    3. After a successful login, the session remains https, so all email traffic is also encrypted.

    After speaking with Zimbra support after first installing 4.0.3NE and trying all of the zmtlsctl options, the above use case to my knowledge is not available in Zimbra.
    As far as I know it's not available. The same answer from earlier applies - if you want a specific enhancement then you must create a bug report, vote on it and also raise a case with tech support so they can get it attached to the bug entry. Without that, nothing will be done. If there's no bug report then it will never get looked at. Do you have a bug report that describes your problem/requirement?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,374
    Rep Power
    10

    Default

    Quote Originally Posted by phoenix View Post
    As far as I know it's not available. The same answer from earlier applies - if you want a specific enhancement then you must create a bug report, vote on it and also raise a case with tech support so they can get it attached to the bug entry. Without that, nothing will be done. If there's no bug report then it will never get looked at. Do you have a bug report that describes your problem/requirement?
    The bug is http://bugzilla.zimbra.com/show_bug.cgi?id=7631.

    It seems to have been around since 3.1.1, which probably explains why support knew about it when I asked originally. I just voted for it and I'll call support tomorrow as you suggested to raise a more formal case regarding it.

    Thanks for the help to get more attention focused on this bug.

    All the best,
    Mark

  10. #10
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    That bug seems to be scheduled to be fixed in the next major release, just send an email to support with your comments and ask for your case to be added to the bug - that will do it.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Does Zimbra support IMAP Secure Authentication?
    By zzzzsg in forum Administrators
    Replies: 6
    Last Post: 11-06-2009, 07:19 PM
  2. Lotus Notes Protocol URL problems
    By bjared in forum Administrators
    Replies: 2
    Last Post: 06-24-2009, 12:17 PM
  3. Remove URL from page title
    By cmilfo in forum Administrators
    Replies: 4
    Last Post: 05-25-2007, 07:08 AM
  4. rest url and accents
    By lfasci in forum Developers
    Replies: 1
    Last Post: 03-02-2007, 10:58 AM
  5. Change spell checker URL
    By paintbuoy in forum Administrators
    Replies: 1
    Last Post: 02-12-2006, 09:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •