Difference between revisions of "Using Your Own SSL Certificate"

[unchecked revision][unchecked revision]
Line 11: Line 11:
 
One option for resolving this issue is to make the server on which MailStore Server is installed available under the host name ''MailStoreServer'' (e.g. by adding and A- or CNAME record in the DNS) and installing the certificate in the container of trustworthy root certification authorities on the clients. Because these installations involve a relatively high administrative overhead, MailStore Server provides the option to use signed certificates of your own company CA or certificates of a public certification provider (e.g. VeriSign, eTrust etc.).
 
One option for resolving this issue is to make the server on which MailStore Server is installed available under the host name ''MailStoreServer'' (e.g. by adding and A- or CNAME record in the DNS) and installing the certificate in the container of trustworthy root certification authorities on the clients. Because these installations involve a relatively high administrative overhead, MailStore Server provides the option to use signed certificates of your own company CA or certificates of a public certification provider (e.g. VeriSign, eTrust etc.).
  
Um MailStore Server für die Verwendung eines eigenes Zertifikats zu konfigurieren, gehen Sie wie im Folgenden beschrieben vor.
+
To configure MailStore Server for the use of your own certificate, please proceed as follows:
  
 
== Installing the Certificate ==
 
== Installing the Certificate ==
Line 23: Line 23:
 
* In the management console, select ''My Certificates | Certificates''.
 
* In the management console, select ''My Certificates | Certificates''.
 
* Right-click on the folder ''Certificates'' and select ''All Tasks | Import''.  
 
* Right-click on the folder ''Certificates'' and select ''All Tasks | Import''.  
* Folgen Sie den Anweisungen des Assistenten und wählen Sie die Datei aus, welche das Zertifikat und ggf. den privaten Schlüssel enthält.
+
* Follow the instructions in the wizard and select the file containing the certificate and the private key, if applicable.
* Wählen Sie auf der Seite ''Zertifikatsspeicher'' den Container ''Eigene Zertifikate'' aus und schließen Sie den Assistenten anschließend ab.
+
* On the page ''Certificate Store'' select the container ''My Certificates'' and finish the wizard.
* Das Zertifikat wird nun im Container ''Eigene Zertifikate'' angezeigt.
+
* The certificate is now shown in the container ''My Certificates''.
* Zur Kontrolle öffnen Sie das Zertifikat über einen Doppelklick und vergewissern Sie sich, dass Sie über den privaten Schlüssel für das Zertifikat verfügen.
+
* To verify this and to make sure that the private key for the certificate is available, open the certificate with a double-click.
  
 
: [[Datei:Private_key.png|300px|center]]
 
: [[Datei:Private_key.png|300px|center]]
Line 32: Line 32:
 
== Using the Certificate with MailStore Server ==
 
== Using the Certificate with MailStore Server ==
  
* Open the MailStore Server base configuration.  
+
* Open the MailStore Server base configuration.  
* Select ''Web Access/Outlook Addin'' and click on ''Configure HTTP/HTTPS Access''.
+
* Select ''Web Access/Outlook Add-in'' and click on ''Configure HTTP/HTTPS Access''.
 
* Click on ''Select Certificate'' and choose the new certificate.
 
* Click on ''Select Certificate'' and choose the new certificate.
 
* Confirm your entries and restart the MailStore Server service.
 
* Confirm your entries and restart the MailStore Server service.

Revision as of 20:19, 23 November 2010

Background

During the installation of MailStore Server, an SSL certificate is generated which MailStore Web Access/Outlook Add-In can use for access via HTTPS. Since the certificate is issued to the server name MailStoreServer and does not come from a reliable certification authority (CA), it is not trusted by the client side.

300px|center

Because of this, the following warning message is displayed when calling up MailStore Web Access via HTTPS (SSL):

300px|center

One option for resolving this issue is to make the server on which MailStore Server is installed available under the host name MailStoreServer (e.g. by adding and A- or CNAME record in the DNS) and installing the certificate in the container of trustworthy root certification authorities on the clients. Because these installations involve a relatively high administrative overhead, MailStore Server provides the option to use signed certificates of your own company CA or certificates of a public certification provider (e.g. VeriSign, eTrust etc.).

To configure MailStore Server for the use of your own certificate, please proceed as follows:

Installing the Certificate

  • Log on to the server as administrator.
  • Click on Start | Execute.
  • Execute the command mmc.
  • Select File | Add/Remove Snap-In | Add| Certificate.
  • Select Local Computer Account and then Local Computer.
  • Click on Finish and close any open dialog windows.
  • In the management console, select My Certificates | Certificates.
  • Right-click on the folder Certificates and select All Tasks | Import.
  • Follow the instructions in the wizard and select the file containing the certificate and the private key, if applicable.
  • On the page Certificate Store select the container My Certificates and finish the wizard.
  • The certificate is now shown in the container My Certificates.
  • To verify this and to make sure that the private key for the certificate is available, open the certificate with a double-click.
300px|center

Using the Certificate with MailStore Server

  • Open the MailStore Server base configuration.
  • Select Web Access/Outlook Add-in and click on Configure HTTP/HTTPS Access.
  • Click on Select Certificate and choose the new certificate.
  • Confirm your entries and restart the MailStore Server service.