[imp] Always SSL connection

Daniel Eckl daniel.eckl at gmx.de
Sun Apr 18 03:03:48 PDT 2004


Zitat von Fred Ho <fkho at fredho.net>:

> I also change the apache httpd.conf to use VirtualHost but to rewrite 
> or redirect to https://webmail.domain.com instead.
> Everytime you specify the URL in http, it will be redirect to https.

That sounds smooth, I have to agree.

> Note that you must create the certificate first and will prompt for 
> the passphase during apache start.

You can clean the passphrase out of the certificate to get rid of the
passphrase prompt at apache startup. But if your machine is
compromised, your ssl certificate is, too, because the attacker can use
it without needing a passphrase. If you don't mind that, then removing
the password should be okay.

Daniel


More information about the imp mailing list