mirror of
https://github.com/moparisthebest/davmail
synced 2024-12-13 03:02:22 -05:00
Doc: document custom certificate authority handling
git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1661 3d1905a2-6b24-0410-a738-b14d5a86fcbd
This commit is contained in:
parent
48f2f5196a
commit
e6fbb8fe13
@ -51,6 +51,17 @@ davmail.ssl.keystorePass=password]]></source>
|
||||
</subsection>
|
||||
|
||||
<subsection name="DavMail to Exchange">
|
||||
<p>
|
||||
<strong>Custom certificate authority</strong>
|
||||
</p>
|
||||
<p>Most users rely on the interactive accept certificate dialog to handle non public certificate authorities.
|
||||
However, this will not work with an Exchange server cluster with a different certificate on each server.
|
||||
In this case, you need to update global Java truststore with the custom certificate authority:
|
||||
</p>
|
||||
<source>keytool -import -alias root -keystore /path/to/jre/lib/security/cacerts -trustcacerts -file rootca.crt -storepass changeit -noprompt</source>
|
||||
<p>
|
||||
<strong>Client certificate</strong>
|
||||
</p>
|
||||
<p>In most cases, using https in OWA url is enough to secure communication between DavMail and Exchange.
|
||||
However, with Exchange servers setup to require mutual authentication, you will have to register
|
||||
your client certificate in DavMail settings, either through PKCS11 (smartcard) or file certificate.
|
||||
@ -84,7 +95,7 @@ name=NSS
|
||||
library=softokn3
|
||||
nssArgs="configdir='/path/to/firefox/profile' certPrefix='' keyPrefix='' secmod='secmod.db' flags=readOnly"
|
||||
slot = 2
|
||||
]]></source>
|
||||
]]></source>
|
||||
|
||||
<p>Another one for Coolkey (see <a href="http://pkg-coolkey.alioth.debian.org/">Coolkey for Debian</a>
|
||||
and <a href="http://www7320.nrlssc.navy.mil/pubs/2006/CommonAccessCardLinux.pdf">United States Department of Defense Common Access Cards</a>):</p>
|
||||
|
Loading…
Reference in New Issue
Block a user