Date: 2003-12-17T12:44:03 Editor: 63.116.136.130 <> Wiki: Apache James Wiki Page: James/UsingSSL URL: http://wiki.apache.org/james/James/UsingSSL
fixed more wiki syntax Change Log: ------------------------------------------------------------------------------ @@ -34,7 +34,7 @@ A "self-signed" certificate (i.e. not signed by anyone else) or signed by a "non trusted" Certification Authority should also work (tested with MS Outlook 2000 and MS Outlook Express). In such case the behaviour of an Outlook 2000 client is to popup a message box saying: -"<code>The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Do you want to continue using this server?</code>". +'''"The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Do you want to continue using this server?"'''. If the answer is yes further requests to the server will be automatically accepted until the client is restarted, in which case the server will become untrusted again. To have the server become permanently trusted by the client, the certificate must be exported from the server java keystore by the administrator and imported into the Windows certificate store of the client by the end user. If the keypair is shared with an HTTP server, an HTTPS request from Internet Explorer by the end user on the client will allow for storing the certificate in the Windows certificate store of the client. @@ -65,7 +65,7 @@ </smtpserver-tls> }}} ---- -Enable the ssl factory section of <server-sockets> (shared with POP3S), replacing the <file> +Enable the ssl factory section of '''<server-sockets>''' (shared with POP3S), replacing the '''<file>''' with the appropriate certificate keystore address and setting the correct password. {{{ <factory name="ssl" 
@@ -122,7 +122,7 @@ </pop3server-tls> }}} ---- -Enable the ssl factory section of <server-sockets>, shared with SMTPS (see the SMTPS example above). +Enable the ssl factory section of '''<server-sockets>''', shared with SMTPS (see the SMTPS example above). ---- The pop3server-tls service must be declared in assembly.xml (just duplicate the existing entry for the pop3server service and change the name to pop3server-tls): @@ -153,7 +153,7 @@ === Mail Client Setup === ''MS Outlook 2000'': -In the "Advanced" tab of the account setup check the "<code>This server requires a secure connection (SSL)</code>" checkboxes, and set the port numbers to the appropriate values. Warning: while the POP3 checkbox will automatically change the port number from 110 to 995, the SMTP checkbox will keep the port number as 25; you must manually set it to 465. +In the "Advanced" tab of the account setup check the '''"This server requires a secure connection (SSL)"''' checkboxes, and set the port numbers to the appropriate values. Warning: while the POP3 checkbox will automatically change the port number from 110 to 995, the SMTP checkbox will keep the port number as 25; you must manually set it to 465. ---- 
@@ -173,7 +173,7 @@ (The RSA algorithm should be preferred as a secure algorithm, and this also ensures general compatibility with other servers and components.) -As a suggested standard, create the keystore in the james/conf directory (the same containing sqlResources.xml), with a name like <code>james.keystore</code>. Any name and location though is fine, as long as is the same as in the <file> of the ssl factory section of <server-sockets> in config.xml. +As a suggested standard, create the keystore in the james/conf directory (the same containing sqlResources.xml), with a name like '''james.keystore'''. Any name and location though is fine, as long as is the same as in the '''<file>''' of the ssl factory section of '''<server-sockets>''' in config.xml. After executing this command, you will first be prompted for the keystore password. @@ -215,9 +215,10 @@ ==== Optionally Importing a so called Chain Certificate or Root Certificate ==== Download a Chain Certificate from the Certificate Authority you obtained the Certificate from. - For Verisign.com go to: http://www.verisign.com/support/install/intermediate.html - For Trustcenter.de go to: http://www.trustcenter.de/certservices/cacerts/en/en.htm#server - For Thawte.com go to: http://www.thawte.com/certs/trustmap.html (seems no longer valid) + + * For Verisign.com go to: http://www.verisign.com/support/install/intermediate.html + * For Trustcenter.de go to: http://www.trustcenter.de/certservices/cacerts/en/en.htm#server + * For Thawte.com go to: http://www.thawte.com/certs/trustmap.html (seems no longer valid) Import the Chain Certificate into you keystore
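Review bot: On the `@@ -34,7` hunk, the paragraph about the self-signed certificate prompt documents how to make the client accept the server permanently but not how the end user should decide whether to click "yes" at all; since the prompt text itself says the chain "terminated in a root certificate which is not trusted", the page should tell the administrator to publish the certificate fingerprint out-of-band so the user can compare it before accepting, otherwise the exported-and-imported certificate is trusted on nothing more than the first prompt. Also, when describing the export from the "server java keystore", it would help to say explicitly that only the certificate (not the private key entry) is exported for import into the Windows certificate store.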
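Review bot: On the `@@ -65,7` hunk, the instruction "replacing the '''<file>''' with the appropriate certificate keystore address and setting the correct password" leaves undocumented that the keystore password then sits in cleartext in config.xml alongside the `<factory name="ssl"` section; add a sentence recommending that config.xml and the keystore file be readable only by the account running James, since anyone who can read config.xml can open the keystore and its private key.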
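Review bot: On the `@@ -153,7` hunk, the warning that Outlook "will keep the port number as 25; you must manually set it to 465" would be clearer if it said why: 465 is the port the smtpserver-tls service from the earlier example listens on (SSL from the first byte, like POP3S on 995), so a client left on 25 with the SSL checkbox set will fail to connect rather than silently fall back to cleartext. Stating that the two checkboxes must pair with the smtpserver-tls and pop3server-tls ports respectively ties the client setup back to the server configuration above.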
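Review bot: On the `@@ -173,7` hunk, the sentence "Any name and location though is fine, as long as is the same as in the '''<file>'''" is missing its subject; suggest "as long as it is the same as the '''<file>''' value in the ssl factory section of '''<server-sockets>''' in config.xml". The preceding context line recommends RSA for "general compatibility" but the hunk does not say which key size to pass to the keytool command it refers to; documenting the intended size next to the algorithm choice would avoid readers accepting a weak default.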
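Review bot: On the `@@ -215,9` hunk, the three CA links are all plain http:// URLs, and one is already flagged "seems no longer valid", so the list should tell the reader to verify the downloaded chain certificate (fingerprint or issuer/subject) against the CA's published values before running the import step, since an intermediate fetched over an unauthenticated channel is exactly what the trust chain is supposed to protect. The trailing context line also has a typo: "Import the Chain Certificate into you keystore" should read "your keystore".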