Date: 2003-12-17T12:44:03
Editor: 63.116.136.130 <>
Wiki: Apache James Wiki
Page: James/UsingSSL
URL: http://wiki.apache.org/james/James/UsingSSL
fixed more wiki syntax
Change Log:
------------------------------------------------------------------------------
@@ -34,7 +34,7 @@
A "self-signed" certificate (i.e. not signed by anyone else) or signed by a
"non trusted" Certification Authority should also work (tested with MS Outlook
2000 and MS Outlook Express).
In such case the behaviour of an Outlook 2000 client is to popup a message box
saying:
-"<code>The server you are connected to is using a security certificate that
could not be verified. A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider. Do you want to continue
using this server?</code>".
+'''"The server you are connected to is using a security certificate that could
not be verified. A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider. Do you want to continue
using this server?"'''.
If the answer is yes further requests to the server will be automatically
accepted until the client is restarted, in which case the server will become
untrusted again.
To have the server become permanently trusted by the client, the certificate
must be exported from the server java keystore by the administrator and
imported into the Windows certificate store of the client by the end user. If
the keypair is shared with an HTTP server, an HTTPS request from Internet
Explorer by the end user on the client will allow for storing the certificate
in the Windows certificate store of the client.
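Review bot: the context lines from "If the answer is yes" onward describe accepting the untrusted-certificate prompt and then importing the certificate into the Windows certificate store, but nothing tells the end user how to confirm that the certificate presented is the one the administrator exported. Suggest adding a sentence asking the administrator to hand out the certificate fingerprint and the end user to compare it before answering yes or importing.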
@@ -65,7 +65,7 @@
</smtpserver-tls>
}}}
----
-Enable the ssl factory section of <server-sockets> (shared with POP3S),
replacing the <file>
+Enable the ssl factory section of '''<server-sockets>''' (shared with POP3S),
replacing the '''<file>'''
with the appropriate certificate keystore address and setting the correct
password.
{{{
<factory name="ssl"
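Review bot: "setting the correct password" on the continuation of the changed line means the keystore password is stored in the ssl factory section of the configuration, and the paragraph says nothing about protecting that file. Suggest adding a sentence that the configuration file and the keystore it points to should be readable only by the account that runs James.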
@@ -122,7 +122,7 @@
</pop3server-tls>
}}}
----
-Enable the ssl factory section of <server-sockets>, shared with SMTPS
(see the SMTPS example above).
+Enable the ssl factory section of '''<server-sockets>''', shared with SMTPS
(see the SMTPS example above).
----
The pop3server-tls service must be declared in assembly.xml (just duplicate
the existing entry for the pop3server service and change the name to
pop3server-tls):
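Review bot: '''<server-sockets>''' on the added line is an element name, and bolding it gives it the same emphasis as the quoted dialog text bolded elsewhere in this change, so configuration identifiers and UI strings become indistinguishable. Suggest inline monospace, {{{<server-sockets>}}}, matching the {{{ }}} blocks the page already uses for configuration samples, and applying the same to the SMTPS paragraph.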
@@ -153,7 +153,7 @@
=== Mail Client Setup ===
''MS Outlook 2000'':
-In the "Advanced" tab of the account setup check the "<code>This server
requires a secure connection (SSL)</code>" checkboxes, and set the port numbers
to the appropriate values. Warning: while the POP3 checkbox will automatically
change the port number from 110 to 995, the SMTP checkbox will keep the port
number as 25; you must manually set it to 465.
+In the "Advanced" tab of the account setup check the '''"This server requires
a secure connection (SSL)"''' checkboxes, and set the port numbers to the
appropriate values. Warning: while the POP3 checkbox will automatically change
the port number from 110 to 995, the SMTP checkbox will keep the port number as
25; you must manually set it to 465.
----
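Review bot: the "Warning:" sentence about the SMTP port staying at 25 is still buried mid-paragraph on the added lines, while only the checkbox label gets emphasis. This is the step a reader is most likely to miss, so suggest putting the warning on its own line or bolding "you must manually set it to 465".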
@@ -173,7 +173,7 @@
(The RSA algorithm should be preferred as a secure algorithm, and this also
ensures general compatibility with other servers and components.)
-As a suggested standard, create the keystore in the james/conf directory (the
same containing sqlResources.xml), with a name like
<code>james.keystore</code>. Any name and location though is fine, as long as
is the same as in the <file> of the ssl factory section of
<server-sockets> in config.xml.
+As a suggested standard, create the keystore in the james/conf directory (the
same containing sqlResources.xml), with a name like '''james.keystore'''. Any
name and location though is fine, as long as is the same as in the '''<file>'''
of the ssl factory section of '''<server-sockets>''' in config.xml.
After executing this command, you will first be prompted for the keystore
password.
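Review bot: the added text "as long as is the same as in the '''<file>'''" is missing its subject; suggest "as long as it matches the '''<file>''' entry of the ssl factory section". Since this paragraph decides where the keystore lives, it would also be worth a sentence saying the keystore file should be readable only by the account running James.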
@@ -215,9 +215,10 @@
==== Optionally Importing a so called Chain Certificate or Root Certificate
====
Download a Chain Certificate from the Certificate Authority you obtained the
Certificate from.
- For Verisign.com go to:
http://www.verisign.com/support/install/intermediate.html
- For Trustcenter.de go to:
http://www.trustcenter.de/certservices/cacerts/en/en.htm#server
- For Thawte.com go to: http://www.thawte.com/certs/trustmap.html (seems no
longer valid)
+
+ * For Verisign.com go to:
http://www.verisign.com/support/install/intermediate.html
+ * For Trustcenter.de go to:
http://www.trustcenter.de/certservices/cacerts/en/en.htm#server
+ * For Thawte.com go to: http://www.thawte.com/certs/trustmap.html (seems no
longer valid)
Import the Chain Certificate into you keystore
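Review bot: all three download links on the added list items are plain http://, and the next step imports the downloaded file into the keystore as a chain or root certificate with no verification in between. Suggest adding a step to compare the downloaded certificate's fingerprint against the value published by the Certificate Authority before importing. The Thawte item is carried over with "(seems no longer valid)"; either replace the link or drop the entry. The context line "Import the Chain Certificate into you keystore" should read "your keystore".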