Using SSL and TLS Encryption on Email and LDAP Connections

You can and should use encrypted connections between Allegra and your email server to prevent passwords from being transmitted in plaintext over your network.

Note

If you use a certificate issued by a certification authority like Verisign, Thawte, Geotrust, or Comodo, you don’t need to do anything further here; it should just work.

If you use a self-signed certificate or a certificate from a certification authority that your system doesn’t recognize, you need to install the certificate that identifies your email server in your local Allegra keystore. Follow these steps:

  1. Obtain a certificate from your email server. How you do this depends on your server. You can ask your provider to give you this certificate. The certificate is usually bound to a specific internet address, e.g., your.domain.com.

  2. Import the certificate into your local keystore using the “keytool” utility, which comes with every Java installation:

    mkdir <ALLEGRA_HOME>/keystore

    keytool -keystore <ALLEGRA_HOME>/keystore/<your.domain.com>.ks -import -file theServersCertificate.cer

The keystore file must be located in the directory ALLEGRA_HOME/keystore. To learn how to configure ALLEGRA_HOME, see Various Settings. The keystore file itself must have the extension ks, and its base name should correspond to the hostname of the email server. In the above example, the certificate file you received from your provider is named theServersCertificate.cer.
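An added example (not part of the Allegra documentation): a shell wrapper around the import step above that compares the certificate's SHA-256 fingerprint with one obtained from your provider out of band, and only then imports it into <ALLEGRA_HOME>/keystore/<host>.ks. The function names, the alias value, and the expected-fingerprint argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: fingerprint-checked import using the keystore naming convention above.
# Assumptions (not from the documentation): function names, the -alias value, and an
# expected SHA-256 fingerprint supplied by the provider through a separate channel.

# Build <ALLEGRA_HOME>/keystore/<host>.ks. Anything that is not a plain hostname is
# rejected so a crafted value cannot point outside the keystore directory.
keystore_path() {
    case "$1" in
        ""|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s/keystore/%s.ks\n' "${ALLEGRA_HOME:?ALLEGRA_HOME is not set}" "$1"
}

# Normalise a fingerprint for comparison: drop colons and whitespace, upper-case hex.
norm_fp() { printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'; }

# SHA-256 fingerprint of a certificate file as reported by "keytool -printcert".
cert_sha256() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# Import only if the file's fingerprint equals the expected one.
# -noprompt skips keytool's trust question because the check was already done here.
import_mail_cert() {   # usage: import_mail_cert HOST CERT_FILE EXPECTED_SHA256
    ks=$(keystore_path "$1") || { echo "invalid hostname: $1" >&2; return 2; }
    actual=$(cert_sha256 "$2")
    if [ -z "$actual" ] || [ "$(norm_fp "$actual")" != "$(norm_fp "$3")" ]; then
        echo "fingerprint mismatch for $2, not importing" >&2
        return 3
    fi
    mkdir -p "$(dirname "$ks")"
    keytool -import -noprompt -alias "$1" -file "$2" -keystore "$ks"
}

# Example call (placeholder fingerprint):
# import_mail_cert your.domain.com theServersCertificate.cer "<SHA-256 from your provider>"
```

keytool still asks for the keystore password during the import, so run the function from an interactive shell.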

If you have issues with the above approach or want to use TLS-encrypted connections instead of SSL, you need to import self-created certificates directly into the Java keystore. Navigate to the bin directory of the Java runtime environment used by your application server (e.g., Tomcat) and import the certificate as follows (here for a Windows system):

You will be prompted to enter a password. If it has not been changed from the default, it is “changeit”.