MailEnable Enterprise Edition has the ability to use SSL (Secure Sockets Layer) when transmitting data between mail clients and servers. SSL is available for IMAP, SMTP, POP, and HTTP related protocols.
Secure Sockets Layer (SSL) creates a secure connection between a client and a server over which any amount of data can be sent securely. It is a protocol for transmitting private documents via the Internet and is used with both web and email applications. URLs that require an SSL connection start with https: instead of http:.
Enabling SSL on the email client (e.g. Outlook, Netscape Messenger, Eudora) provides an added level of privacy and security for the data being sent over the network.
Obtaining an SSL Certificate
For the MailEnable mail services, only one SSL certificate can be configured on the server. The SMTP, POP and IMAP services all use the same certificate. Because only one certificate can be used for the server, when purchasing one, try to make it generic for the server (i.e. a default domain). For example, if the server was called mail.example.com, a certificate that is valid for that host name would need to be purchased and registered (or a certificate for the entire domain could be obtained thereby allowing SSL certificates to be generated for multiple hostnames e.g. mail.example.com, www.example.com, support.example.com, etc.).
The server setting for users to configure their email application needs to match this certificate in order to avoid a security warning being displayed indicating that the server does not match the certificate.
For example, if you have a SSL certificate for a website www.example.com, this can be configured in MailEnable as the SSL certificate. If a user wishes to connect to the server via SSL, they should use the www.example.com domain as their SMTP/POP/IMAP server. They can use alternate domain or the IP address, but their email application will display a
To use SSL for web mail and web administration, then these would be configured under IIS normally, since IIS in this case is responsible for the SSL handling.
Registering an SSL Certificate on the mail server
Under the Windows platform, certificates can be registered into shared certificate containers which can be accessed via IIS and other SSL enabled applications. If an SSL certificate is already registered under IIS or for a web site running on the server then the certificate should be available to be used by MailEnable.
Microsoft provides a Microsoft Management Console (MMC) application that can be used to manage certificates on the server. Access the certificate manager MMC application as follows:
1. From the Windows Start Menu, select Run >mmc.exe
2. From within the MMC application select File > Add/Remove Snap-In > Standalone > Add
3. Select "Certificates" from the list and select the Add button.
4. Select "Computer Account" account, select "Finish'
This application can be used to review and import SSL certificates into the various SSL certificate containers on the server. MailEnable should be able to use any certificates that have been configured in the “Personal Certificates” store of the Computer Account.
Detailed instructions for managing certificates on the Windows platform can also be found on the Microsoft Web Site. 22.214.171.124 Configuring MailEnable to use an SSL Certificate Once an SSL Certificate has been configured in the server’s Personal Certificates store, select and enable that certificate for use under MailEnable. The SSL certificate that is chosen for use by MailEnable is used for all SSL communications. Figure 4 10 – Server Properties SSL Tab Once certificates have been registered on the server, mail users can enable SSL from within their mail client. Please refer to the email client documentation for instructions on how to configure the client for SSL.