Doc: Document PKCS12 self signed certificate creation to enable SSL in DavMail

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1498 3d1905a2-6b24-0410-a738-b14d5a86fcbd
2010-10-07 06:31:26 +00:00 · 2010-10-07 06:31:26 +00:00 · d25e946254
parent a73b026db3
commit d25e946254
2 changed files with 41 additions and 0 deletions
--- a/src/site/site.xml
+++ b/src/site/site.xml
@ -41,6 +41,7 @@
            <item name="Mac OS X" href="/macosxsetup.html"/>
            <item name="Server Setup" href="/serversetup.html"/>
            <item name="Getting Started" href="/gettingstarted.html"/>
+            <item name="SSL Setup" href="/sslsetup.html"/>
        </menu>

        <menu name="Thunderbird Setup">
--- a/src/site/xdoc/sslsetup.xml
+++ b/src/site/xdoc/sslsetup.xml
@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<document xmlns="http://maven.apache.org/XDOC/2.0"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
+
+    <properties>
+        <title>DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway - SSL setup</title>
+        <author email="mguessan@free.fr">Mickael Guessant</author>
+    </properties>
+
+    <body>
+
+        <section name="SSL setup">
+            <p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
+                DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail over
+                the internet, you should make sure encryption is enabled.
+            </p>
+
+            <p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
+                self signed certificate:
+            </p>
+            <source>
+<![CDATA[keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net]]>
+            </source>
+
+            <p>Then add this keystore to DavMail settings:
+            </p>
+            <source><![CDATA[
+davmail.ssl.keystoreType=PKCS12
+davmail.ssl.keyPass=password
+davmail.ssl.keystoreFile=davmail.p12
+davmail.ssl.keystorePass=password]]>
+            </source>
+            <p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL in
+                client applications and manually accept the certificate as it's not signed by a trusted
+                Certification Authority.
+            </p>
+        </section>
+    </body>
+</document>