Sun Java System Messaging Server 6.3 Administration Guide

Procedure: To Configure MMP with Client Certificate-based Login

If you want client certificate-based login, do the following:

  1. Get a copy of a client certificate and the CA certificate which signed it.

  2. Import the CA certificate as a Trusted Certificate Authority (see 23.5.1 Obtaining Certificates).

  3. Use the Store Administrator you created during your Messaging Server installation.

    For more information, see 20.4 Specifying Administrator Access to the Store.

  4. Create a certmap.conf file for the MMP. For example:


    certmap default default
    default:DNComps
    default:FilterComps e=mail
    

    This tells the MMP to take the e field from the certificate DN and search the LDAP server for an entry whose mail attribute matches it.

  5. Edit your ImapProxyAService.cfg file and do the following:

    1. Set CertMapFile to certmap.conf

    2. Set StoreAdmin and StorePass to values from Step 3.

    3. Set UserGroupDN to the root of your Users and Groups tree.

  6. If you want client certificates with POP3, repeat Step 5 for the PopProxyAService.cfg file.

  7. If the MMP is not already running, start it with the following command in the msg-svr-base/sbin directory:

    start-msg mmp

  8. Import the client certificate into your client. In Netscape™ Communicator, click on the padlock (Security) icon, then select Yours under Certificates, then select Import a Certificate... and follow the instructions.


    Note –

    All your users will have to perform this step if you want to use client certificates everywhere.
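
The mapping that the certmap.conf in Step 4 describes, as an added illustration that is not part of the original guide and is not the MMP's own code: the sketch reads the FilterComps line, takes the matching component from a certificate subject DN, and builds the LDAP search filter, escaping filter metacharacters so DN content is always treated as a literal value. The sample DN format, the attribute aliases and all function names are assumptions.

```python
import re

# The certmap.conf from Step 4, embedded as sample input.
CERTMAP = """certmap default default
default:DNComps
default:FilterComps e=mail
"""

# Assumption: other spellings a subject DN may use for the e-mail component.
ALIASES = {"emailaddress": "e", "email": "e", "1.2.840.113549.1.9.1": "e"}

def parse_filtercomps(conf, name="default"):
    """Return {cert_attr: ldap_attr} from the '<name>:FilterComps' line."""
    mapping = {}
    for line in conf.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == f"{name}:FilterComps":
            for item in value.replace(",", " ").split():
                cert_attr, _, ldap_attr = item.partition("=")
                mapping[cert_attr.lower()] = (ldap_attr or cert_attr).lower()
    return mapping

def parse_dn(dn):
    """Split a simple comma-separated subject DN into (attr, value) pairs."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on commas that are not escaped
        attr, _, value = rdn.strip().partition("=")
        attr = attr.strip().lower()
        pairs.append((ALIASES.get(attr, attr), value.strip().replace("\\,", ",")))
    return pairs

def ldap_escape(value):
    """Escape LDAP filter metacharacters (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def build_filter(dn, mapping):
    """Build the filter the mapping implies, or None if no DN component is mapped."""
    terms = [f"({mapping[a]}={ldap_escape(v)})" for a, v in parse_dn(dn) if a in mapping]
    if not terms:
        return None  # certificate has no mapped component, so no user can be matched
    return terms[0] if len(terms) == 1 else "(&" + "".join(terms) + ")"

if __name__ == "__main__":
    # Constructed sample subject DN.
    dn = "E=jdoe@example.com, CN=John Doe, O=Example Corp, C=US"
    print(build_filter(dn, parse_filtercomps(CERTMAP)))
```

A certificate whose subject DN has no e-mail component yields no filter under this mapping, which is worth checking on the client certificate from Step 1 before rolling certificates out to users.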