This section describes how to create and install a server certificate and a trusted certificate. Certificates are used for secure access to Архива over HTTPS.

Step 1. Create a Certificate Signing Request, Generate a Test Certificate

  1. Click "New Server Cert" in

  2. Choose and enter a storage alias. This alias is an arbitrary name (chosen by you) that you will later use to refer to the certificate.

If you're setting up HTTPS, use "tomcat" as the alias.

  3. Enter the common name of the certificate.

If you're setting up HTTPS, the common name should be the FQDN of the server (e.g. mailarchiva.stimulussoft.com).

  4. Complete all the relevant demographic information.

Avoid entering abbreviated names for cities and states, as many CAs will not accept a signing request that contains them.

  5. Click “Generate New Cert Request” to generate the Certificate Signing Request.

  6. Select and copy the certificate signing request to the clipboard. Close the New Server Cert dialog.

Certificate Signing Request

  7. You should see a placeholder for your signing certificate listed in the Server Certificates list in the Certificates tab.


Step 2. Obtain Certificates from the Certificate Authority (CA)
 

  1. Obtain a free 15-day trial SSL certificate or purchase a certificate from a CA such as Verisign.

If there are concerns over the purchase price of a certificate, please use a free CA service such as http://www.cacert.org to generate the certificate.
Alternatively, generate a self-signed server certificate by completing the CSR process.

  2. Paste in the Certificate Signing Request (CSR) generated earlier.

Verisign CSR

  3. In most cases, the server certificate and CA certificates will be mailed to you.
  4. Create a folder on your Desktop called Certificates.
  5. Open a text editor and paste the contents of the server certificate. Name the file "server.cert" and save it into the Certificates folder.
  6. Similarly, copy the intermediate CA certificate to a text file called intermediate.cert.
  7. Finally, copy the CA root certificate to a text file called root.cert.

 

Certificate Copy

 

When using Verisign, the links to download the intermediate and CA certificates are included in the email containing your server certificate.

 

Step 3. Import the Certificates

 

Note: The order in which you import the certificates is important. First import the root CA certificate, then the intermediate CA certificate and finally the server certificate.

 

  1. Click “Import CA Cert”, select the root.cert file, enter “root” as the storage alias and click Import.

CA Certificate

  2. Click “Import CA Cert”, select the intermediate.cert file, enter “intermediatecert” as the storage alias and click Import.

Intermediate Certificate

  3. Click “Import Server Cert”, select the user.cert file. Select the same alias as used in the CSR generation step above (e.g. tomcat).

Install Server Certificate

  4. If all went well, the server certificate and CA certificates should be visible in the Certificates list.
     


Certificate List
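
The import order in Step 3 works only if the three files saved in Step 2 really form one chain, and that can be checked from a shell before importing. This is an added example, not part of the original page or of the product: `check_chain` and `make_sample_chain` are hypothetical helper names, it assumes the `openssl` command-line tool is installed and the files are PEM text, and the sample chain is constructed for a dry run only.

```shell
#!/bin/sh
# Added example (not product code): pre-import checks for the files saved in Step 2.
# Assumes root.cert, intermediate.cert and server.cert are PEM text in one folder.

# check_chain DIR FQDN -> 0 if the files can be imported as root, intermediate, server
check_chain() {
    dir=$1; fqdn=$2
    for f in root.cert intermediate.cert server.cert; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done
    # Import 1 -> 2: the intermediate must be signed by the root.
    openssl verify -CAfile "$dir/root.cert" "$dir/intermediate.cert" >/dev/null 2>&1 \
        || { echo "intermediate.cert does not chain to root.cert" >&2; return 3; }
    # Import 2 -> 3: the server certificate must chain through the intermediate.
    openssl verify -CAfile "$dir/root.cert" -untrusted "$dir/intermediate.cert" \
        "$dir/server.cert" >/dev/null 2>&1 \
        || { echo "server.cert does not chain to the CA files" >&2; return 4; }
    # The common name must be the FQDN entered when the CSR was generated.
    cn=$(openssl x509 -in "$dir/server.cert" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$fqdn" ] || { echo "CN is '$cn', expected '$fqdn'" >&2; return 5; }
    return 0
}

# make_sample_chain DIR FQDN: writes a constructed, throwaway three-level chain into DIR.
make_sample_chain() {
    d=$1
    printf '[ca]\nbasicConstraints=critical,CA:TRUE\n[leaf]\nbasicConstraints=CA:FALSE\n' > "$d/ext.cnf"
    for n in root intermediate server; do
        openssl genrsa -out "$d/$n.key" 2048 2>/dev/null || return 1
    done
    openssl req -new -key "$d/root.key" -subj "/CN=Constructed Root" -out "$d/root.csr" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ext.cnf" -extensions ca -out "$d/root.cert" 2>/dev/null &&
    openssl req -new -key "$d/intermediate.key" -subj "/CN=Constructed Intermediate" -out "$d/intermediate.csr" &&
    openssl x509 -req -in "$d/intermediate.csr" -CA "$d/root.cert" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ext.cnf" -extensions ca -out "$d/intermediate.cert" 2>/dev/null &&
    openssl req -new -key "$d/server.key" -subj "/CN=$2" -out "$d/server.csr" &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate.cert" -CAkey "$d/intermediate.key" \
        -set_serial 3 -days 2 -extfile "$d/ext.cnf" -extensions leaf -out "$d/server.cert" 2>/dev/null
}

# Usage: sh check.sh /path/to/Certificates your.server.fqdn
if [ "$#" -eq 2 ]; then check_chain "$1" "$2"; fi
```

A non-zero exit code identifies which file to re-copy from the CA's e-mail before starting the import.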

 

Key Store

 

The private key and certificate are stored in a standard Java keystore file. This file is called mailarchivacerts and is located in the Configuration directory.

For additional certificate management functions, such as key and certificate export, please refer to the keystore utility included with the Java Runtime.

 

To obtain the password to the keystore, run the command-line utility getkeystoresecret. This utility is located in the server folder under the main application folder.

 

KeyStore Secret

 

Enter your Архива encryption password. The resultant passphrase is the password to your mailarchivacerts keystore. If the certificates are being used for TLS, this passphrase can be entered in the Tomcat server.xml HTTPS connector.
