From 2b9156a42de653f5f2e6f536cbf8fcf4ed410056 Mon Sep 17 00:00:00 2001
From: mguessan <mguessan@3d1905a2-6b24-0410-a738-b14d5a86fcbd>
Date: Fri, 8 Oct 2010 09:31:15 +0000
Subject: [PATCH] Doc: update ssl server certificate doc

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1500 3d1905a2-6b24-0410-a738-b14d5a86fcbd
---
 src/site/xdoc/sslsetup.xml | 51 ++++++++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 18 deletions(-)

diff --git a/src/site/xdoc/sslsetup.xml b/src/site/xdoc/sslsetup.xml
index 2dee893b..4053daca 100644
--- a/src/site/xdoc/sslsetup.xml
+++ b/src/site/xdoc/sslsetup.xml
@@ -11,30 +11,45 @@
     <body>
 
         <section name="SSL setup">
-            <p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
-                DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail over
-                the internet, you should make sure encryption is enabled.
-            </p>
+            <subsection name="Server keystore (Client to DavMail)">
+                <p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
+                    DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail
+                    over the internet, you should make sure encryption is enabled.
+                </p>
 
-            <p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
-                self signed certificate:
-            </p>
-            <source>
-<![CDATA[keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net]]>
-            </source>
+                <p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
+                    self signed certificate:
+                </p>
+                <source>
+                    keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype
+                    pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net
+                </source>
 
-            <p>Then add this keystore to DavMail settings:
-            </p>
-            <source><![CDATA[
+                <p>Then add this keystore to DavMail settings:
+                </p>
+                <source><![CDATA[
 davmail.ssl.keystoreType=PKCS12
 davmail.ssl.keyPass=password
 davmail.ssl.keystoreFile=davmail.p12
 davmail.ssl.keystorePass=password]]>
-            </source>
-            <p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL in
-                client applications and manually accept the certificate as it's not signed by a trusted
-                Certification Authority.
-            </p>
+                </source>
+                <p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL
+                    in
+                    client applications and manually accept the certificate as it's not signed by a trusted
+                    Certification Authority.
+                </p>
+            </subsection>
+            <subsection name="DavMail to Exchange">
+                <p>In most cases, using https in OWA url is enough to secure communication between DavMail and Exchange.
+                    However, with Exchange servers setup to require mutual authentication, you will have to register
+                    client certificate in DavMail settings, either through PKCS11 (smartcard) or file certificate:
+                </p>
+                <source><![CDATA[
+davmail.ssl.clientKeystoreType=PKCS12
+davmail.ssl.clientKeystoreFile=client.p12
+davmail.ssl.clientKeystorePass=password]]>
+                </source>
+            </subsection>
         </section>
     </body>
 </document>
\ No newline at end of file