Xeams Home » Products » Xeams » Knowledge Base

Document information

Document ID:1128
Subject:Using SSL for SMTP, POP3 and IMAP protocols
Creation date:12/4/09 2:33 PM
Last modified on:1/24/11 1:29 PM


Using SSL for HTTPS, SMTP, POP3 and IMAP


An SSL certificate is required before you can enable and use SSL for SMTP, POP3 and IMAP protocols. This article talks about how to apply this certificate in Xeams.

An SSL certificate can by purchased by a certificate authority (CA). You can use any CA that supports a certificate for Java. If the word "Java" is missing from their supported servers, try Apache Tomcat. We have tested certificates from Go Daddy and Comodo. Having said that, there is no reason certificates from CA won't work.

NOTE: Java 2 SDK 1.2 or above must be installed before you can generate your CSR. Once installed, you will be using the "keytool" command to create your key pair and CSR.

Additional Help
Click here if you need additional help regarding this matter.

Steps

Arrow To Generate the Key Pair
  1. Open a console (DOS prompt) on Windows or Terminal on Linux/Unix.
  2. Enter the following command.


    keytool -keysize 2048 -genkey -alias xeams -keyalg RSA -keystore synametrics.cert



  3. You will be prompted for a password. You will need this password later on.
  4. Enter Distinguished Name (DN) information:
    • First and last name - This is the Common name: The common name is the fully-qualified domain name (FQDN), Host name, or URL - to which you plan to apply your certificate. Do not enter your personal name in this field.
    • Organizational unit - Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
    • City/Locality - Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.
    • State/Province - Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
    • Country code - The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
  5. Confirm that the Distinguished Name information is correct.

This steps creates a keystore, which is a file that holds certificates.

Arrow To Generate a CSR

 Next step is to submit a CSR (SSL Certificate Signing Request) to a certificate authority.
  1. Enter the following command:

    keytool -certreq -keyalg RSA -alias xeams -file xeams.csr -keystore synametrics.cert



  2. Enter the keystore password you specified earlier.
  3. This creates a new file called xeams.csr. Open this file in any editor like Notepad.
  4. Cut/copy and paste the generated CSR into enrollment form of your certificate authority.
  5. Select Tomcat as your server software.
Arrow Submit CSR and wait for response

 Once you submit a CSR to a certificate authority, you have to wait for their response. It could take anywhere from a few minutes to up to two days before you get a response. The response from certificate authority typically includes an attached file containing your certificate. Some vendors also ask you to download the certificate from a secure website rather than emailing them to you.

You will probably get more than one file from the certificate authority. An SSL certificate creates a trust relationship by creating a chain of certificates. This is analogous to saying that you trust person A, but not C. However, person A trusts person B, who then trusts C. Therefore, it is okay to trust C.

Every file you get from a certificate authority must be added to the keystore you create in the first step.
Arrow Adding certificates to the keystore You must add certificates in the order specified by certificate authority. The following example show how to add a root certificate, two intermediate certificates, and finally the actual certificate that is create for you.

Importing Root Certificate

keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore synametrics.cert


Now add two intermediary certificates. Replace Alias1, Alias2, File1 and File2 with actual values provided to you.

keytool -import -trustcacerts -alias Alias1 -file File1.crt -keystore synametrics.cert


keytool -import -trustcacerts -alias Alias2 -file File2.crt -keystore synametrics.cert


Finally, add the actual certificate that is meant for your copy of Xeams using the following command.

keytool -import -trustcacerts -alias xeams -file yourCertificate.crt -keystore synametrics.cert



Arrow Final Step

Copy synametrics.cert file $INSTALLDIR\config folder and restart Xeams. Once the certificate is installed, you should be able to use SSL for SMTP, POP3 and IMAP.

Next, look for a file called server.properties in the config folder. If this file does not exist, create it and append the following content:
javax.net.ssl.keyStore=config/synametrics.cert
javax.net.ssl.keyStorePassword=password
SSLCertificatePassword=password
Replace password with the actual value and restart Xeams.







Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users? Please add it below. Your name and tip will appear at the end of the document text.
Your name:
Your email:
Hide my email address
Verification code:
Enter the verification code you see above more submitting your tip
Tip:Please limit tips to 1000 characters

Support Please contact our support department at support@synametrics.com
Call us at 1–877–SYNAMETRICS
Home | Site Map | Support | Forums | About Us | Contact Us
© Copyright 1998–2007 Synametrics Technologies, Inc. All rights reserved.
666 Plainsboro Rd, Suite 656, Plainsboro NJ — Since 1997™
Powered by 10MinutesWeb.com