2010-10-07 02:31:26 -04:00
<?xml version="1.0"?>
<document xmlns="http://maven.apache.org/XDOC/2.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
<properties>
<title>DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway - SSL setup</title>
<author email="mguessan@free.fr">Mickael Guessant</author>
</properties>
<body>
<section name="SSL setup">
<subsection name="Server keystore (Client to DavMail)">
<p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
DavMail remains local. However, in server (shared) mode, e.g. with a smartphone connecting to DavMail
over the internet, you should make sure encryption is enabled.
</p>
<p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
self-signed certificate:
</p>
<source>keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net
</source>
<p>Note to iPhone users: iOS does not support the default DSA algorithm; make sure you use an RSA key pair.</p>
<p>Then add this keystore to DavMail settings:
</p>
<source><![CDATA[
davmail.ssl.keystoreType=PKCS12
davmail.ssl.keyPass=password
davmail.ssl.keystoreFile=davmail.p12
davmail.ssl.keystorePass=password]]></source>
<p>If you already have your keystore in JKS format, just set keystoreType to JKS in DavMail
settings. keystorePass is the password used to open the KeyStore; keyPass protects the private key
inside the KeyStore.
</p>
<p>Restart DavMail; all DavMail listeners will then switch to secure mode: POP3S/IMAPS/SMTPS/HTTPS/LDAPS.
You will also need to enable SSL in client applications and manually accept the certificate, as it is
not signed by a trusted Certification Authority.
</p>
</subsection>
<subsection name="DavMail to Exchange">
<p>In most cases, using https in the OWA URL is enough to secure communication between DavMail and Exchange.
However, with Exchange servers set up to require mutual authentication, you will have to register
a client certificate in DavMail settings, either through PKCS11 (smartcard) or a certificate file:
</p>
<source><![CDATA[
davmail.ssl.clientKeystoreType=PKCS12
davmail.ssl.clientKeystoreFile=client.p12
davmail.ssl.clientKeystorePass=password]]></source>
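<p>Added example (not part of the original DavMail documentation or code): a small Python check for a
settings file that uses the davmail.ssl keys shown on this page. The file path is supplied by the caller,
and the rules are assumptions of this example: the four server keys are expected together, the sample
value password is rejected, and the file must be readable by its owner only because the keystore
passwords are stored in it in clear text.
</p>
<source><![CDATA[
```python
import os
import stat

# Key names come from the settings shown on this page; the rules are assumptions.
SERVER_KEYS = ("davmail.ssl.keystoreType", "davmail.ssl.keystoreFile",
               "davmail.ssl.keystorePass", "davmail.ssl.keyPass")
PASSWORD_KEYS = ("davmail.ssl.keystorePass", "davmail.ssl.keyPass",
                 "davmail.ssl.clientKeystorePass")


def parse_properties(text):
    """Minimal key=value parser (no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit(path):
    """Return a list of findings for the DavMail settings file at path."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = []
    missing = [k for k in SERVER_KEYS if not props.get(k)]
    if len(missing) == len(SERVER_KEYS):
        findings.append("no server keystore configured: listeners are not in secure mode")
    elif missing:
        findings.append("incomplete server keystore settings: " + ", ".join(missing))
    ktype = props.get("davmail.ssl.keystoreType", "")
    if ktype and ktype.upper() not in ("PKCS12", "JKS"):
        findings.append("keystoreType is neither PKCS12 nor JKS: " + ktype)
    for key in PASSWORD_KEYS:
        if props.get(key) == "password":
            findings.append(key + " still uses the sample value")
    # Passwords are stored in clear text, so keep the file owner-only (POSIX).
    has_secret = any(props.get(k) for k in PASSWORD_KEYS)
    if has_secret and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("settings file is accessible to group or other users")
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit(sys.argv[1]):
        print("WARN:", finding)
```
]]></source>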
</subsection>
</section>
</body>
</document>