mirror of
https://github.com/moparisthebest/davmail
synced 2024-12-13 11:12:22 -05:00
Doc: update ssl server certificate doc
git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1500 3d1905a2-6b24-0410-a738-b14d5a86fcbd
This commit is contained in:
parent
6a9ea37f60
commit
2b9156a42d
@ -11,30 +11,45 @@
|
||||
<body>
|
||||
|
||||
<section name="SSL setup">
|
||||
<p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
|
||||
DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail over
|
||||
the internet, you should make sure encryption is enabled.
|
||||
</p>
|
||||
<subsection name="Server keystore (Client to DavMail)">
|
||||
<p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
|
||||
DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail
|
||||
over the internet, you should make sure encryption is enabled.
|
||||
</p>
|
||||
|
||||
<p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
|
||||
self signed certificate:
|
||||
</p>
|
||||
<source>
|
||||
<![CDATA[keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net]]>
|
||||
</source>
|
||||
<p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
|
||||
self signed certificate:
|
||||
</p>
|
||||
<source>
|
||||
keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype
|
||||
pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net
|
||||
</source>
|
||||
|
||||
<p>Then add this keystore to DavMail settings:
|
||||
</p>
|
||||
<source><![CDATA[
|
||||
<p>Then add this keystore to DavMail settings:
|
||||
</p>
|
||||
<source><![CDATA[
|
||||
davmail.ssl.keystoreType=PKCS12
|
||||
davmail.ssl.keyPass=password
|
||||
davmail.ssl.keystoreFile=davmail.p12
|
||||
davmail.ssl.keystorePass=password]]>
|
||||
</source>
|
||||
<p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL in
|
||||
client applications and manually accept the certificate as it's not signed by a trusted
|
||||
Certification Authority.
|
||||
</p>
|
||||
</source>
|
||||
<p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL
|
||||
in
|
||||
client applications and manually accept the certificate as it's not signed by a trusted
|
||||
Certification Authority.
|
||||
</p>
|
||||
</subsection>
|
||||
<subsection name="DavMail to Exchange">
|
||||
<p>In most cases, using https in OWA url is enough to secure communication between DavMail and Exchange.
|
||||
However, with Exchange servers setup to require mutual authentication, you will have to register
|
||||
client certificate in DavMail settings, either through PKCS11 (smartcard) or file certificate:
|
||||
</p>
|
||||
<source><![CDATA[
|
||||
davmail.ssl.clientKeystoreType=PKCS12
|
||||
davmail.ssl.clientKeystoreFile=client.p12
|
||||
davmail.ssl.clientKeystorePass=password]]>
|
||||
</source>
|
||||
</subsection>
|
||||
</section>
|
||||
</body>
|
||||
</document>
|
Loading…
Reference in New Issue
Block a user