MailEnable Enterprise Guide
Administration / Server configuration / Localhost - Secure Sockets Layer (SSL) encryption
In This Topic
    Localhost - Secure Sockets Layer (SSL) encryption
    In This Topic

    MailEnable has the ability to use SSL (Secure Sockets Layer) when transmitting data between mail clients and servers. SSL is available for IMAP, SMTP, POP, and HTTP related protocols.

    Secure Sockets Layer (SSL) creates a secure connection between a client and a server over which any amount of data can be sent securely. It is a protocol for transmitting private documents via the Internet and is used with both web and email applications. URLs that require an SSL connection start with https: instead of http:.

    Enabling SSL on the email client (e.g., Microsoft Outlook, eM Client, Thunderbird) provides an added level of privacy and security for the data being sent over the network.

    Obtaining an SSL Certificate

    For the MailEnable mail services, one SSL certificate can be configured on the server as the default certificate for connections. This default certificate is used for all connections if SNI is disabled, or for when the client requested certificate cannot be found. When using SNI, the services are able to determine what certificate the client is requesting, and will attempt to load that certificate from the Windows certificate store.

    The Enterprise version of MailEnable also supports configuring an SSL certificate per IP address. This is configured under the IP bindings. The services will still try to use the certificate requested by the client, but instead of falling back to the default certificate, they will use the one allocated to that IP address.

    To use SSL for web mail and web administration, then these would be configured under IIS normally, since IIS in this case is responsible for the SSL handling.

    Registering an SSL Certificate on the mail server

    Under the Windows platform, certificates can be registered into shared certificate containers which can be accessed via IIS and other SSL enabled applications. If an SSL certificate is already registered under IIS or for a web site running on the server then the certificate should be available to be used by MailEnable.

    Microsoft provides a Microsoft Management Console (MMC) application that can be used to manage certificates on the server. Access the certificate manager MMC application as follows:

    1.       From the Windows Start Menu, select Run|mmc.exe

    2.       From within the MMC application select File | Add/Remove Snap-In | Standalone | Add

    3.       Select "Certificates" from the list and select the Add button.

    4.       Select "Computer Account" account, select finish

    This application can be used to review and import SSL certificates into the various SSL certificate containers on the server. MailEnable should be able to use any certificates that have been configured in the “Personal Certificates” store of the Computer Account.

    Detailed instructions for managing certificates on the Windows platform can also be found on the Microsoft Web Site.

    Configuring MailEnable to use an SSL Certificate

    Once an SSL Certificate has been configured in the server’s Personal Certificates store, select and enable that certificate for use under MailEnable.  The SSL certificate that is chosen for use by MailEnable is the default used for SSL communications.

    Once certificates have been registered on the server, mail users can enable SSL from within their mail client. Please refer to the email client documentation for instructions on how to configure the client for SSL.

    When SNI is selected, the mail services will try to choose the correct certificate to match the one the user is requesting. If this does not exist, then the default SSL certificate is used. Not all email clients support SNI, and these will use the default certificate.