1
0
mirror of https://github.com/moparisthebest/davmail synced 2024-12-14 11:42:23 -05:00

Doc: update ssl server certificate doc

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1500 3d1905a2-6b24-0410-a738-b14d5a86fcbd
This commit is contained in:
mguessan 2010-10-08 09:31:15 +00:00
parent 6a9ea37f60
commit 2b9156a42d

View File

@ -11,16 +11,18 @@
<body> <body>
<section name="SSL setup"> <section name="SSL setup">
<subsection name="Server keystore (Client to DavMail)">
<p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and <p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail over DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail
the internet, you should make sure encryption is enabled. over the internet, you should make sure encryption is enabled.
</p> </p>
<p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a <p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
self signed certificate: self signed certificate:
</p> </p>
<source> <source>
<![CDATA[keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net]]> keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype
pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net
</source> </source>
<p>Then add this keystore to DavMail settings: <p>Then add this keystore to DavMail settings:
@ -31,10 +33,23 @@ davmail.ssl.keyPass=password
davmail.ssl.keystoreFile=davmail.p12 davmail.ssl.keystoreFile=davmail.p12
davmail.ssl.keystorePass=password]]> davmail.ssl.keystorePass=password]]>
</source> </source>
<p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL in <p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL
in
client applications and manually accept the certificate as it's not signed by a trusted client applications and manually accept the certificate as it's not signed by a trusted
Certification Authority. Certification Authority.
</p> </p>
</subsection>
<subsection name="DavMail to Exchange">
<p>In most cases, using https in OWA url is enough to secure communication between DavMail and Exchange.
However, with Exchange servers setup to require mutual authentication, you will have to register
client certificate in DavMail settings, either through PKCS11 (smartcard) or file certificate:
</p>
<source><![CDATA[
davmail.ssl.clientKeystoreType=PKCS12
davmail.ssl.clientKeystoreFile=client.p12
davmail.ssl.clientKeystorePass=password]]>
</source>
</subsection>
</section> </section>
</body> </body>
</document> </document>