SSL and TLS encryption
You can and should use encrypted connections between Allegra and your e-mail server and LDAP server to prevent passwords from being transmitted in clear text across your network.
Note
If you use a certificate issued by a certificate authority such as Verisign, Thawte, Geotrust or Comodo, there is nothing further you need to do here — it should simply work.
If you use a self-signed certificate or a certificate from a certificate authority that your system does not recognize, you must install the certificate that identifies your e-mail server in your local Allegra keystore. Proceed as follows:
Obtain a certificate from your e-mail server. How you do this depends on your server. You can ask your provider to give you this certificate. The certificate is usually bound to a particular internet address, e.g. your.domain.com.
Import the certificate into your local keystore using the “keytool” utility that ships with every Java installation:
mkdir <ALLEGRA_HOME>/keystore
keytool -keystore <ALLEGRA_HOME>/keystore/<your.domain.com>.ks -import -file theServersCertificate.cer
The keystore file must reside in the ALLEGRA_HOME/keystore directory.
For how to configure ALLEGRA_HOME, see Miscellaneous settings.
The keystore file itself must have the extension ks, and its base name should match the host name of the e-mail server. In the example above, the certificate file you received from your provider is called theServersCertificate.cer.
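Importing a self-signed certificate makes Allegra trust whoever holds the matching key, so it is worth comparing the file's SHA-256 fingerprint with a value obtained from your provider over a separate channel before running the import. The following is an added example, not part of the Allegra documentation: the function names are hypothetical, and it assumes GNU coreutils (sha256sum, base64) and a file that holds a single certificate.

```shell
# Added example (not from the Allegra docs); function names are hypothetical.
# Assumes GNU coreutils and a file holding a single certificate.

# SHA-256 fingerprint (lowercase hex) of a certificate file, PEM or DER.
# The fingerprint is the hash of the DER bytes, so PEM is Base64-decoded first.
cert_sha256() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
      grep -v -- '-----' | tr -d '\r' | base64 -d | sha256sum | cut -d' ' -f1
  else
    sha256sum < "$1" | cut -d' ' -f1
  fi
}

# Normalise "AB:CD:..." (as printed by keytool -printcert) to lowercase hex.
norm_fp() { printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'; }

# Keystore location required by the page: <ALLEGRA_HOME>/keystore/<host>.ks
keystore_path() { printf '%s/keystore/%s.ks' "$1" "$2"; }

# import_pinned ALLEGRA_HOME HOST CERT_FILE EXPECTED_SHA256
# Runs the import only if the file matches the fingerprint obtained from the
# provider out of band. Returns 1 if unreadable, 2 on mismatch (keystore untouched).
import_pinned() {
  [ -r "$3" ] || { echo "cannot read $3" >&2; return 1; }
  ip_want=$(norm_fp "$4")
  ip_got=$(cert_sha256 "$3")
  if [ "$ip_got" != "$ip_want" ]; then
    echo "fingerprint mismatch for $3: file has $ip_got" >&2
    return 2
  fi
  mkdir -p "$1/keystore"
  keytool -import -alias "$2" -file "$3" -keystore "$(keystore_path "$1" "$2")"
}

# Usage (placeholder values):
#   import_pinned /opt/allegra your.domain.com theServersCertificate.cer "<SHA-256 from provider>"
```

keytool still prompts for the keystore password and for confirmation that the certificate should be trusted.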
If you have problems with the approach above, or if you want to use TLS-encrypted connections instead of SSL, you must import self-created certificates directly into the Java keystore. Switch to the bin directory of the Java runtime environment used by your application server (e.g. Tomcat) and import the certificate as follows (here for a Windows system):
You will be prompted to enter a password. If it has not been changed from the default, it is “changeit”.