From d25e946254785c8a76ecaf4500fde6c8aff9102c Mon Sep 17 00:00:00 2001
From: mguessan <mguessan@3d1905a2-6b24-0410-a738-b14d5a86fcbd>
Date: Thu, 7 Oct 2010 06:31:26 +0000
Subject: [PATCH] Doc: Document PKCS12 self signed certificate creation to
 enable SSL in DavMail

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1498 3d1905a2-6b24-0410-a738-b14d5a86fcbd
---
 src/site/site.xml          |  1 +
 src/site/xdoc/sslsetup.xml | 40 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 src/site/xdoc/sslsetup.xml

diff --git a/src/site/site.xml b/src/site/site.xml
index 3bffced0..e1a97b60 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -41,6 +41,7 @@
             <item name="Mac OS X" href="/macosxsetup.html"/>
             <item name="Server Setup" href="/serversetup.html"/>
             <item name="Getting Started" href="/gettingstarted.html"/>
+            <item name="SSL Setup" href="/sslsetup.html"/>
         </menu>
 
         <menu name="Thunderbird Setup">
diff --git a/src/site/xdoc/sslsetup.xml b/src/site/xdoc/sslsetup.xml
new file mode 100644
index 00000000..2dee893b
--- /dev/null
+++ b/src/site/xdoc/sslsetup.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<document xmlns="http://maven.apache.org/XDOC/2.0"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
+
+    <properties>
+        <title>DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway - SSL setup</title>
+        <author email="mguessan@free.fr">Mickael Guessant</author>
+    </properties>
+
+    <body>
+
+        <section name="SSL setup">
+            <p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
+                DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail over
+                the internet, you should make sure encryption is enabled.
+            </p>
+
+            <p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
+                self signed certificate:
+            </p>
+            <source>
+<![CDATA[keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net]]>
+            </source>
+
+            <p>Then add this keystore to DavMail settings:
+            </p>
+            <source><![CDATA[
+davmail.ssl.keystoreType=PKCS12
+davmail.ssl.keyPass=password
+davmail.ssl.keystoreFile=davmail.p12
+davmail.ssl.keystorePass=password]]>
+            </source>
+            <p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL in
+                client applications and manually accept the certificate as it's not signed by a trusted
+                Certification Authority.
+            </p>
+        </section>
+    </body>
+</document>
\ No newline at end of file