Robert Moskowitz skrev den 2012-12-28 05:13:
It started out with 'smart' admins configuring their DNS zones so that foo.com was a cname for www.foo.com. It made it soo much easier... But it caused other problems so it got 'fixed' in the browsers.
this require wildcard ssl, if the server have only one hostname in ssl then it cant work with ssl on more then one domain or subdomain
csr can be made with multiple domains and or subdomains, in that case it works as you want on above
We spent so much effort to create things like SRV RR. Whatever for, the browsers will solve all of our problems.
is there even srv compliant webbrowsers that use this in ssl ?
as said: prevent to send cookies unencrypted and redirect at the first connect to https and you are done
i dont like the word redirect, it will fail if there redirect is comming from one domain to another domain, so dont use it
And I thank you for this information on how to do better than just a redirect.
configure apache to not use http urls for webmail, so all users have to use https always
remember there is a reason that ssl is not just running starttls on port 80, like postfix can :)
on postfix maillist there was a number of users there tell me to use smtps or submission for end users email sending, i think i gone to the next step of webhosting with that in mind