Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Jun 15, 2009, 12:10 AM   #1
awmazz
macrumors 65816
 
Join Date: Jul 2007
SSL Certificates for osx server web & mail?

I need a bit of guidance on SSL certificates in regards to setting up a home-based web and mail service using osx leopard server. Any help would be greatly appreciated. Just pointing me to a site with the answers would be good too, thanks!

I have a couple of domains which I've set up web sites okay and now want email for but am struggling to understand the osx server mail services SSL instructions, which amount to "get SSL Certificate, install SSL Certificate" but doesn't go into any further detail.

Basically what sort of certificate do I need just for mail services? Do I need one to secure the actual web server itself too? There's a bit of a choice and some are quite expensive and look like they're for serious e-commerce sites so are they more than I need?:

Instant SSL by Comodo

In regards to a website, do I need an SSL certificate if I'm just setting up an online forum like this one (to protect peoples' accounts and emails etc), or if I decide to do a bit of online commerce one day using Paypal? Or does the Paypal site handle all that for me?
awmazz is offline   0 Reply With Quote
Old Jun 17, 2009, 09:57 AM   #2
Azgar
macrumors newbie
 
Join Date: Jun 2009
I imagine there are a lot of opinions out there on the subject. Personally, I think the SSL market is a bit of a sham. You'd have better luck finding the fountain of youth than you would finding anyone who has ever collected on an SSL "warranty". Their warranties are for the site visitors, not the hoster, and they don't cover the security of the certificate, only the validity of their issuing process to ensure people running a server are who they say they are. In general, all SSL certs provide the same level of security; the green bar and all that are just for consumer confidence and I would argue that few people in the general public could care less beyond seeing their little padlock.

Based on that, I'd recommend going with the cheapest one available from any reputable SSL issuer like Comodo, GoDaddy, etc. Anything is cheaper than Verisign. You've got a few options when it comes to covering more than one domain. Traditional SSL certs cover only one domain or subdomain, so you would need one for www.yourdomain.com and mail.yourdomain.com if you wanted to secure the website and mail services. There are wildcard SSLs, but those are rather expensive unless you're covering a lot of subdomains. A UCC (Unified Communications Certificate) SSL can be used for multiple domains and are a lot cheaper if you need to cover more than a couple names. They shouldn't be used for sites that are not supposed to appear to be related though since the identity on the cert will be the same for all sites.

Regarding PayPal, if I remember correctly, there are different options for integrating PayPal payment into your website. One method sends people to PayPals site for actual payment processing, in which case you wouldn't need an SSL for your site. The other method does it directly on your site, communicating with their servers in the background, so you would need an SSL for your site going that route.
Azgar is offline   0 Reply With Quote
Old Jun 17, 2009, 02:49 PM   #3
awmazz
Thread Starter
macrumors 65816
 
Join Date: Jul 2007
Thanks for the help Azgar. I went with the cheapest Comodo InstantSSL before you had a chance to reply. Mainly because the only difference I could see between it and the more expensive InstantSSL Pro and Premiums was just the amount of the warranty.

I now have to check to see if what I've just bought actually covers mail.domain.com and other subdomains as well now that you've told me about it as I just assumed it would without even thinking to ask. I think I'll have to email them as the Comodo product descriptions are just as vague and uninformative as Apple's instruction manuals.

Ditto my hoping it could cover two domain names if they both have the same registration details, but that's probably wishful thinking going by what you mentioned about the UCC type. Looking at the Comodo price list, the UC cert is almost 5x the price of the InstantSSL, so for just two or three domains it looks like getting separate certs would still be cheaper.

Thanks again for the very helpful information!
awmazz is offline   0 Reply With Quote
Old Jun 17, 2009, 03:31 PM   #4
assembled
macrumors regular
 
Join Date: Jan 2009
Location: London
remember that if you are running different sites on different domains, then you need a dedicated IP for each site. this is because the host header information is encrypted within HTTPS and the server can't decrypt until it knows which certificate is being used.

a UCC certificate, is correctly called a SAN (Subject Alternative Name) certificate, UCC comes from Microsoft and Exchange 2007.

there are ways of having a SAN certificate that can have multiple domains, but you might also encounter other issues with SAN certificates not being understood by some browsers.
assembled is offline   0 Reply With Quote
Old Jun 17, 2009, 03:40 PM   #5
Guiyon
macrumors 6502a
 
Join Date: Mar 2008
Location: North Shore, MA
I skipped all the commercial solutions and just created my own CA and use self-signed certificates for each of my services. I don't use them to create a 'chain of trust' but solely for encryption purposes (for example, I only allow SSL/TLS on my mail server). It's also much easier to create a few new certs if I need em.
__________________
Make life easier if you have a programming question!
http://www.sscce.org/
Guiyon is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
SSL email certificates - SHA2 patent10021 Apple, Industry and Internet Discussion 1 Feb 25, 2014 09:02 AM
SSL Certificates Raj15 iPhone and iPod touch Apps 0 Feb 5, 2014 12:26 PM
Mac Mini OSX Server - Can't receive mail but can send? alexplanet Mac mini 1 Sep 11, 2013 03:15 AM
Marking as read in osx mail but remain as unread in server horus7 iCloud and Apple Services 1 Sep 9, 2013 01:13 PM
Safari slow on SSL, but no expired certificates to remove jollino OS X 10.8 Mountain Lion 3 Mar 7, 2013 01:47 PM

Forum Jump

All times are GMT -5. The time now is 06:10 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC