Difference between revisions of "Replace Self-signed SSL Certificates"

Jump to: navigation, search
[unchecked revision][unchecked revision]
Line 3: Line 3:
 
Therefore it is recommended to replace the SSL certificates used by the Client Access Servers for offering IMAP and web based access to the archives with certificates signed by an official certificate authority.
 
Therefore it is recommended to replace the SSL certificates used by the Client Access Servers for offering IMAP and web based access to the archives with certificates signed by an official certificate authority.
  
= Prerequisites =
+
== Prerequisites ==
 
 
 
Before a certificate can be used by the Client Access Server service, the certificate and its private key must be store in the computer's personal certificate store ('''not''' Administrator's or any other user's).
 
Before a certificate can be used by the Client Access Server service, the certificate and its private key must be store in the computer's personal certificate store ('''not''' Administrator's or any other user's).
  
= Installing New Certificates =
+
== Installing New Certificates ==
 
 
 
* Start the MailStore Service Provider Edition Configuration tool on a server that is a Client Access Server by double-clicking it's desktop icon. On Windows Server Core use the command line prompt to start the executable (default: <tt>%PROGRAMFILES%\MailStore Infrastructure\MailStoreInfrastructureConfig.exe</tt>.
 
* Start the MailStore Service Provider Edition Configuration tool on a server that is a Client Access Server by double-clicking it's desktop icon. On Windows Server Core use the command line prompt to start the executable (default: <tt>%PROGRAMFILES%\MailStore Infrastructure\MailStoreInfrastructureConfig.exe</tt>.
 
* Stop the ''Client Access Server''.
 
* Stop the ''Client Access Server''.
Line 18: Line 16:
 
Repeat the above on each Client Access Server in your MailStore Service Provider Edition infrastructure.
 
Repeat the above on each Client Access Server in your MailStore Service Provider Edition infrastructure.
  
= What to do next =
+
== What to do next ==
 
 
 
The last step of the installation and setup process is optional, but allows to give your MailStore Service Provider Edition a unique look: Read more about customizing the appearance of MailStore Client, MailStore Web Access and MailStore Outlook Add-in in [[Branding]]
 
The last step of the installation and setup process is optional, but allows to give your MailStore Service Provider Edition a unique look: Read more about customizing the appearance of MailStore Client, MailStore Web Access and MailStore Outlook Add-in in [[Branding]]
  
 
If the appearance of MailStore Client, MailStore Web Access and MailStore Outlook Add-in does not need to be modified, the installation and setup process is of MailStore Service Provider Edition is finished. All other administrative tasks are carried out through the web-based [[Management_Console_-_General| MailStore Management Console]].
 
If the appearance of MailStore Client, MailStore Web Access and MailStore Outlook Add-in does not need to be modified, the installation and setup process is of MailStore Service Provider Edition is finished. All other administrative tasks are carried out through the web-based [[Management_Console_-_General| MailStore Management Console]].

Revision as of 11:37, 1 July 2014

MailStore Service Provider Edition automatically creates self-signed certificates when adding a new role to a server. While these certificates are suitable for authenticating MailStore Service Provider Edition's own services against each other by storing and verifying the unique fingerprints of the used certificates, self-signed certificates are not suitable for public internet services like email or web servers.

Therefore it is recommended to replace the SSL certificates used by the Client Access Servers for offering IMAP and web based access to the archives with certificates signed by an official certificate authority.

Prerequisites

Before a certificate can be used by the Client Access Server service, the certificate and its private key must be store in the computer's personal certificate store (not Administrator's or any other user's).

Installing New Certificates

  • Start the MailStore Service Provider Edition Configuration tool on a server that is a Client Access Server by double-clicking it's desktop icon. On Windows Server Core use the command line prompt to start the executable (default: %PROGRAMFILES%\MailStore Infrastructure\MailStoreInfrastructureConfig.exe.
  • Stop the Client Access Server.
  • Click Configure...
  • For each server (HTTP, IMAP, IMAPS) click on the button behind the Server 'Certificate field to select the new certificate from the certificate store.
  • Click OK to save changes or Cancel to discard.
  • Start the Client Access Server.

Repeat the above on each Client Access Server in your MailStore Service Provider Edition infrastructure.

What to do next

The last step of the installation and setup process is optional, but allows to give your MailStore Service Provider Edition a unique look: Read more about customizing the appearance of MailStore Client, MailStore Web Access and MailStore Outlook Add-in in Branding

If the appearance of MailStore Client, MailStore Web Access and MailStore Outlook Add-in does not need to be modified, the installation and setup process is of MailStore Service Provider Edition is finished. All other administrative tasks are carried out through the web-based MailStore Management Console.