This section describes how to create and install a server certificate and a trusted certificate. Certificates are used for secure access to Archiva over HTTPS.
Step 1. Create a certificate signing request, generate a test certificate
- Click "New Server Cert" in
- Choose and enter a storage alias. This alias is an arbitrary name (chosen by you) that you will later use to refer to the certificate.
- Enter the common name of the certificate.
- Complete all the relevant demographic information.
- Click “Generate New Cert Request” to generate the Certificate Signing Request.
- Select and copy the certificate signing request to the clipboard. Close the New Server Cert dialog.
- You should see a placeholder for your signing certificate listed in the Server Certificates list in the Certificates tab.
Step 2. Obtain Certificates from the Certificate Authority (CA)
- Obtain a free 15-day trial SSL certificate or purchase a certificate from a CA such as Verisign.
- Paste in the Certificate Signing Request (CSR) generated earlier.
- In most cases, the server certificate and CA certificates will be mailed to you.
- Create a folder on your Desktop called Certificates.
- Open a text editor and paste the contents of the server certificate. Name the file "server.cert" and save it in the Certificates folder.
- Similarly, copy the intermediate CA certificate to a text file called intermediate.cert.
- Finally, copy the CA root certificate to a text file called root.cert.
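Certificates pasted from an e-mail into a text editor are easily damaged (a lost BEGIN/END line, a dropped line of base64, or the CSR pasted instead of the certificate). The following sketch is an added example, not part of the product or its documentation; its function names are hypothetical. It checks only the PEM and outer DER framing of each saved file, not signatures or chain trust.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_total_length(der):
    """Total size the outer DER SEQUENCE header claims, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:                       # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pasted_cert(text):
    """Return a list of problems in one pasted PEM file (empty list = looks intact)."""
    blocks = PEM_RE.findall(text)
    if not blocks:
        return ["no complete BEGIN/END block (header or footer line lost)"]
    problems = []
    if len(blocks) > 1:
        problems.append("%d PEM blocks found; expected one certificate per file" % len(blocks))
    label, body = blocks[0]
    if label != "CERTIFICATE":
        problems.append("block type is %r, not a certificate" % label)
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return problems + ["body is not valid base64 (characters lost or added)"]
    claimed = der_total_length(der)
    if claimed is None:
        problems.append("decoded data is not a DER SEQUENCE")
    elif claimed != len(der):
        problems.append("DER header claims %d bytes, file holds %d" % (claimed, len(der)))
    return problems

def constructed_pem(label="CERTIFICATE", payload_len=300):
    """Constructed sample: correct PEM/DER framing, zero-filled body, not a real cert."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + bytes(payload_len)
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (
        label, base64.encodebytes(der).decode(), label)

if __name__ == "__main__":
    # With arguments: check those files. Without: run on the constructed sample.
    texts = {p: open(p).read() for p in sys.argv[1:]} or {"constructed": constructed_pem()}
    for name, text in texts.items():
        print(name, check_pasted_cert(text) or "OK")
```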
Step 3. Import the Certificates
- Click “Import CA Cert”, select the root.cert file, enter “root” as the storage alias and click Import.
- Click “Import CA Cert”, select the intermediate.cert file, enter “intermediatecert” as the storage alias and click Import.
- Click “Import Server Cert”, select the user.cert file. Select the same alias as used in the CSR generation step above (e.g. tomcat).
- If all went well, the server certificate and CA certificates should be visible in the Certificates list.
Key Store
The private key and certificate are stored in a standard Java keystore file. This file is called mailarchivacerts and is located in the Configuration directory.
For additional certificate management functions, such as key and certificate export, please refer to the keystore utility included with the Java Runtime.
To obtain the password to the keystore, run the command-line utility getkeystoresecret. This utility is located in the server folder under the main application folder.
Enter your Archiva encryption password. The resultant passphrase is the password to your mailarchivacerts keystore. If the certificates are being used
for TLS, this passphrase can be entered in the Tomcat server.xml HTTPS connector.