Sun Java System Messaging Server 6.3 Administration Guide

24.7 Securing Internet Links With SSL

The Messaging Server supports the use of the Secure Socket Layer (SSL) for Internet links affecting Communications Express Mail, as summarized in the following table.

| Link Between | Description |
|---|---|
| Messaging Server and Communications Express Mail | Securing this link with SSL requires administrative work for the Messaging Server. The Communications Express Mail user must use the HTTPS protocol, rather than HTTP, when entering the URL information for the Messaging Server in their browser. See 24.7.1 Securing the Link Between Messaging Server and Communications Express Mail. |
| Messaging Server and S/MIME applet | When checking public key certificates against a CRL, the S/MIME applet must communicate directly with the Messaging Server. Securing this link with SSL requires administrative work for the Messaging Server in addition to setting sslrootcacertsurl and checkoverssl in the smime.conf file. See 24.7.2 Securing the Link Between the Messaging Server and S/MIME Applet. |

24.7.1 Securing the Link Between Messaging Server and Communications Express Mail

The Messaging Server supports the use of Secure Socket Layer (SSL) for the Internet link between it and Communications Express Mail. Once you have set up Messaging Server for SSL, configure Communications Express for SSL. See the Sun Java System Communications Express 6.3 Administration Guide. A Communications Express Mail user specifies the Communications Express URL in their browser with the HTTPS protocol:

HTTPS://hostname.domain:secured_port

instead of the HTTP protocol (HTTP://hostname.domain:unsecure_port). When the Communications Express login window displays, the user sees a lock icon in a locked position at the bottom of their window to indicate they have a secure link.

See 23.5 Configuring Encryption and Certificate-Based Authentication for SSL configuration information for Messaging Server.

24.7.2 Securing the Link Between the Messaging Server and S/MIME Applet

When checking the certificate of a public key against a CRL, the S/MIME applet must communicate directly with the Messaging Server.

Procedure: To Secure the Communications Link with SSL

  1. Do the administrative tasks to configure the Messaging Server for SSL. See 23.5 Configuring Encryption and Certificate-Based Authentication.

  2. Set the sslrootcacertsurl parameter in the smime.conf file to specify the information to locate the root SSL CA certificates. These CA certificates are used to verify the Messaging Server’s SSL certificates when the SSL link is established between the Messaging Server and the S/MIME applet.

  3. Set the checkoverssl parameter in the smime.conf file to 1. This Messaging Server option determines whether SSL is used for the link between the Messaging Server and the S/MIME applet. Regardless of how a Communications Express Mail user specifies the URL for the Messaging Server (HTTP or HTTPS), the link between the Messaging Server and the S/MIME applet is secured with SSL when checkoverssl is set to 1.


    Note –

    A proxy server can be used between the Messaging Server and client applications such as Communications Express Mail. See 24.9.4 Proxy Server and CRL Checking for information on using a proxy server with and without a secured communications link.
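
A configuration check for steps 2 and 3 above, added here as an example and not taken from the guide: it parses smime.conf text and reports when checkoverssl is not 1 or sslrootcacertsurl is unset. The `name==value` line syntax, the `#` comment lines, and the sample values are assumptions.

```python
# Constructed sample smime.conf content (not from the guide). The "name==value"
# form and "#" comment lines are assumptions about the file syntax; the
# sslrootcacertsurl value is a placeholder, not a real locator.
SAMPLE_CONF = """\
# constructed example
sslrootcacertsurl==PLACEHOLDER-root-ca-location
checkoverssl==0
"""


def parse_smime_conf(text):
    """Return {parameter: value}; a later assignment overrides an earlier one."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        name, sep, value = line.partition("==")
        if not sep:
            continue  # not a parameter assignment
        # Names are matched exactly as the guide spells them.
        params[name.strip()] = value.strip()
    return params


def audit_applet_link(text):
    """List findings for the Messaging Server to S/MIME applet link settings."""
    params = parse_smime_conf(text)
    findings = []
    if params.get("checkoverssl") != "1":
        findings.append(
            "checkoverssl is not 1: SSL is not enabled for the link between "
            "the Messaging Server and the S/MIME applet")
    if not params.get("sslrootcacertsurl"):
        findings.append(
            "sslrootcacertsurl is unset: no root CA certificates are located "
            "to verify the Messaging Server's SSL certificate")
    return findings


if __name__ == "__main__":
    for finding in audit_applet_link(SAMPLE_CONF):
        print("FINDING:", finding)
```

To audit a deployed file, pass its contents to `audit_applet_link` in place of `SAMPLE_CONF`.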