The Messaging Server supports the use of the Secure Socket Layer (SSL) for Internet links affecting Communications Express Mail, as summarized in the following table.
Link Between: |
Description |
---|---|
Messaging Server and Communications Express Mail |
Securing this link with SSL requires administrative work for the Messaging Server. The Communications Express Mail user must use the HTTPS protocol, rather than HTTP, when entering the URL information for the Messaging Server in their browser. See Securing the Link Between Messaging Server and Communications Express Mail |
Messaging Server and S/MIME applet |
When checking public keys certificates against a CRL, the S/MIME applet must communicate directly with the Messaging Server. Securing this link with SSL requires administrative work for the Messaging Server in addition to setting sslrootcacertsurl and checkoverssl in the smime.conf file. See Securing the Link Between the Messaging Server and S/MIME Applet |
The Messaging Server supports the use of Secure Socket Layer (SSL) for the Internet link between it and Communications Express Mail. Once you have set up Messaging Server for SSL, configure Communications Express for SSL See Sun Java System Communications Express 6 2005Q4 Administration Guide. A Communications Express Mail user specifies the Communications Express URL in their browser with the HTTPS protocol:
HTTPS://hostname.domain:secured_port
instead of the HTTP protocol (HTTP://hostname.domain:unsecure_port). When the Communications Express login window displays, the user sees a lock icon in a locked position at the bottom of their window to indicate they have a secure link.
See Configuring Encryption and Certificate-Based Authentication for SSL configuration information for Messaging Server.
When checking the certificate of a public key against a CRL, the S/MIME applet must communicate directly with the Messaging Server.
Do the administrative tasks to configure the Messaging Server for SSL. See Configuring Encryption and Certificate-Based Authentication.
Set the sslrootcacertsurl parameter in the smime.conf file to specify the information to locate the root SSL CA certificates. These CA certificates are used to verify the Messaging Server’s SSL certificates when the SSL link is established between the Messaging Server and the S/MIME applet.
Set the checkoverssl parameter in the smime.conf file to 1. This Messaging Server option determines whether SSL is used for the link between the Messaging Server and the S/MIME applet. Regardless of how a Communications Express Mail user specifies the URL for the Messenger Server (HTTP or HTTPS), the link between the Messaging Server and the S/MIME applet is secured with SSL when checkoverssl is set to 1.
A proxy server can be used between the Messaging Server and client applications such as Communications Express Mail. See Proxy Server and CRL Checking using a proxy server with and without a secured communications link.