The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL web mail oddity...or just ignorance on my part?

Discussion in 'E-mail Discussions' started by imacurious, Apr 13, 2005.

  1. imacurious

    imacurious Member

    Joined:
    Mar 9, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    I need to understand why something is happenning when a client logs into SSL web mail.


    Background
    ----------
    I created a folder called : swebmail inside the www folder of the customer account.
    I created an empty file called index.php
    I adddd the following four lines to this file:
    <?PHP
    header("location: https://domain.com:2096");
    exit;
    ?>

    This gives the customer the ability to type www.domain.com/swebmail rather than having to remember to type https://www.domain.com:2096



    The Problem
    -----------
    The customer types www.domain.com/swebmail and then enters their username/password. They get the usual certificate warning, say OK and then they are brought to the Cpanel Mail Management screen where they can choose either Squirrelmail, Horde, or Neomail. However the Cpanel Mail Management screen SSL symbol for for the secure email site is not locked.

    At this point if they look at the status bar at the bottom of their browser they will see the SSL 'lock' symbol shown as locked - this is true using either IE6 or Firefox 1.x.

    Why is the web browser session considered secure yet the mail session not secure even though the mail login is redirected to port 2096?


    Is there a way to force both the browser session and the mail session to be secure without the user taking additional action using a variant of the methodology I outlined in the Background section above?

    Thanks.
     
  2. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    Most likely it is because the session is ok'd but the link is not what the SSL is expecting.
     
Loading...

Share This Page