Using SSL and TLS Encryption on Email and LDAP Connections¶
You can and should use encrypted connections between Allegra and your email server to prevent passwords from being transmitted over your network in clear text.
Note
If you use a certificate issued by a certificate authority such as Verisign, Thawte, Geotrust or Comodo, you don’t need to do anything here, it should work fine.
If you are using a self-signed certificate, or a certificate from a certificate authority that your system does not recognize, you will need to store the certificate that identifies your mail server in your local Allegra keystore. You need to proceed as follows:
Obtain a certificate from your email server. How you do this depends on your server. You can ask your provider to give you this certificate. The certificate is usually bound to a specific Internet address, such as your.domain.com.
Import the certificate into your local keystore using the “keytool” utility that comes with every Java installation.
mkdir <TRACKPLUS_HOME>/keystore
keytool -keystore <TRACKPLUS_HOME>/keystore
/<your.domain.com>.ks
-import -file theServersCertificate.cer
The keystore file must be located in the TRACKPLUS_HOME/keystore
directory.
For information on how to configure TRACKPLUS_HOME, see Miscellaneous Settings.
The keystore file itself must have the extension ks and the base name should match the hostname of the
email server. The certificate file you received from your provider in the above example
is called theServersCertificate.cer
.
If you have problems with the above approach or want to use TLS encrypted connections instead of SSL you have to import self created certificates directly into the Java Keystore. Change to the bin directory of the Java runtime environment provided by your application server (for example, Tomcat) and import the certificate as follows (here for a Windows system):
You will be prompted to enter a password. If it has not been changed from the default, it is “changeit”.