Prevent SSL certificate being returned for a specific domain

Posted by jezmck on Server Fault See other posts from Server Fault or by jezmck
Published on 2013-07-02T12:49:32Z Indexed on 2013/07/02 17:07 UTC
Read the original article Hit count: 290

Apologies for a long question:

We've taken on a new client whose web hosting was previously on their in-house server which still has their Exchange/Outlook email.

We now host their domain (and many others) on our server.

They're complaining that they're getting errors in Outlook. I don't understand the AutoDiscover stuff at the root of the problem, but believe that I just need to stop the SSL certificate on our server being returned when requested at a particular domain:

Yes it is, the issue lies with "{newclient}.com" being pointed to your server IP and that server has Port 443 open with an SSL certificate associated to it.

So when Outlook/ActiveSync use autodiscover to find the mailbox settings it find your SSL (because 443 is open) and flags it as an error.

The solution is to close 443 so its not discovered, Autodiscover will then proceed to mail.{newclient}.com via the MX / ServiceRecords and discover the correct SSL.

I'm new here and there was no hand-over, so I don't know whether other currently hosted sites need to accept SSL connections, though I suspect some will, or may in future.

This is a live server, so I can't risk trying loads of options in case I take the server offline!

I feel like I should be adding something like the following to vhosts.conf.

<VirtualHost *:443>
    ServerName {newclient}.com
    ServerAlias www.{newclient}.com
    SSLEngine Off
    SSLCertificateFile {NONE}
    SSLCertificateKeyFile {NONE}
</VirtualHost>

Apologies for the fact that I don't know enough about this subject to be able to ask the question more clearly!

© Server Fault or respective owner

Related posts about apache2

Related posts about ssl