1
0
mirror of https://github.com/moparisthebest/davmail synced 2024-12-13 19:22:22 -05:00

Doc: Document PKCS12 self signed certificate creation to enable SSL in DavMail

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1498 3d1905a2-6b24-0410-a738-b14d5a86fcbd
This commit is contained in:
mguessan 2010-10-07 06:31:26 +00:00
parent a73b026db3
commit d25e946254
2 changed files with 41 additions and 0 deletions

View File

@ -41,6 +41,7 @@
<item name="Mac OS X" href="/macosxsetup.html"/>
<item name="Server Setup" href="/serversetup.html"/>
<item name="Getting Started" href="/gettingstarted.html"/>
<item name="SSL Setup" href="/sslsetup.html"/>
</menu>
<menu name="Thunderbird Setup">

View File

@ -0,0 +1,40 @@
<?xml version="1.0"?>
<document xmlns="http://maven.apache.org/XDOC/2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
<properties>
<title>DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway - SSL setup</title>
<author email="mguessan@free.fr">Mickael Guessant</author>
</properties>
<body>
<section name="SSL setup">
<p>SSL is not necessary when DavMail is used in workstation mode, as communication between clients and
DavMail remain local. However, in server (shared) mode e.g. with a smartphone connecting to DavMail over
the internet, you should make sure encryption is enabled.
</p>
<p>The simplest way to secure communication between mail/calendar clients and DavMail is to create a
self signed certificate:
</p>
<source>
<![CDATA[keytool -genkey -keyalg rsa -keysize 2048 -storepass password -keystore davmail.p12 -storetype pkcs12 -validity 3650 -dname cn=davmailhostname.company.com,ou=davmail,o=sf,o=net]]>
</source>
<p>Then add this keystore to DavMail settings:
</p>
<source><![CDATA[
davmail.ssl.keystoreType=PKCS12
davmail.ssl.keyPass=password
davmail.ssl.keystoreFile=davmail.p12
davmail.ssl.keystorePass=password]]>
</source>
<p>Restart DavMail, all DavMail listeners will switch to secure mode. You will also need to enable SSL in
client applications and manually accept the certificate as it's not signed by a trusted
Certification Authority.
</p>
</section>
</body>
</document>