Mailtraq provides a fully functioning webmail system on installation, normally without any further configuration.
This is made available on Port 80.
Secure Webmail
Mailtraq can also provide a fully secure (HTTPS) webmail system with a small amount of configuration, by adding an HTTPS service from the Services Manager in the Console at Options | Services.
HTTPS Web Service
This dialog, accessed from the Service Manager dialog, is used to configure the HTTPS Web Service in Mailtraq.
See 'Configuration' below for more details.
SSL Certificate Tab
This tab, which appears on the HTTP Service dialog, configures the main properties of the HTTPS Service. Unlike the other tabs in this dialog, the SSL Certificate tab only appears for HTTPS (Secure HTTP) services.
On this tab you can select the certificate to use for HTTP clients that connect to this service. Certificates are generated and imported in the Certificate Manager, which you can reach by clicking on the Certificate Manager button.
Certificate Manager
The Certificate Manager is used to create, import and manage SSL/TLS X.509 certificates. You can reach this manager through the Certificate Manager button on the SSL Certificate tab of the HTTPS Service properties dialog.
Certificates are used to secure communication between client computers and the services installed on your system.
Certificates provide two functions:
Authentication (prove that the site is who the client thinks it is)
Encryption (prevent third parties from observing the communication, including the transmission of passwords)
Most web browsers are capable of accepting certificates and using them for secure communication.
What is in a Certificate?
Certificates contain just a few items: a Subject (identifying the web site), an Issuer (identifying who issued the certificate), a public key (used for public-key cryptography) and the encryption parameters (used to secure the channel).
Web Browsers have a list of issuers that the user trusts. These issuers (Certificate Authorities) sign the certificate indicating that they believe the subject to be authentic. Thus, if the user trusts the issuer, they implicitly trust the subject. For this reason, certificates should always be signed by issuers who the user is likely to trust. For most users, this means one of the large Certificate Authorities.
You can issue a self-signed certificate, in which the Issuer is the same as the Subject and no independent issuer vouches for it, which means the user must explicitly choose to trust your certificate. In such cases, a warning dialog is usually displayed to the user. Not all web browsers can use self-signed certificates.
Creating a Self-Signed Certificate
You can create a Self-Signed certificate easily by clicking on New Certificate and choosing the Self-Signed option. The default cryptography parameters are recommended.
Creating a Regular Certificate
Creating a CA-Signed certificate is more complex. To do this, you must create a Certificate Signing Request which you then give to the Certificate Authority for them to authenticate and sign. What they return is the completed certificate.
To do this, simply contact a Certificate Authority and request a new certificate. They will typically ask for a Certificate Signing Request (CSR, or PKCS#10 certificate). Normally they can accept a Base64 encoded CSR. To get this, click on New Certificate and follow the steps. A CSR will be displayed in Base64 which you can copy and paste. The Certificate Authority will then begin the process which typically involves contacting you to verify the credentials. Once complete, they will provide somewhere (typically on the web site) where you can download the completed certificate. You can then use the Import button to install it in the system.
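The following added example (not Mailtraq's own tooling, and not code from this page) uses the OpenSSL command line to build both kinds of certificate described above and to tell them apart by comparing Subject and Issuer. The host name mail.example.test, the "Demo Test CA" and all file names are constructed for the demonstration; in Mailtraq itself the key and CSR are generated by the Certificate Manager.

```shell
#!/bin/sh
# Added example. Host name, CA name and file names are constructed.

# Print the fields discussed above: Subject, Issuer and expiry date.
cert_fields() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# Exit 0 when Subject and Issuer are the same name AND openssl accepts the
# certificate with only itself as trust anchor, i.e. it is self-signed.
is_self_signed() {
    ss_subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    ss_iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$ss_subj" = "$ss_iss" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Create constructed sample material in directory $1 (demo keys, unencrypted).
make_demo_certs() {
    # Self-signed: the new key signs its own certificate in one step.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null || return 1
    # Throwaway CA standing in for a commercial Certificate Authority.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    # CSR (PKCS#10, Base64 PEM): the text you would hand to the CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=mail.example.test" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null || return 1
    # The CA signs the CSR; site.pem is the completed certificate.
    openssl x509 -req -in "$1/site.csr" -days 30 -CAcreateserial \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -out "$1/site.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for name in self site; do
    cert_fields "$demo_dir/$name.pem"
    if is_self_signed "$demo_dir/$name.pem"; then
        echo "=> self-signed: clients must choose to trust it"
    else
        echo "=> issued by a separate CA"
    fi
done
```

The same `cert_fields` and `is_self_signed` checks can be run against a certificate file exported from the server to confirm which kind of certificate the HTTPS service has been given.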
Configuration
1.) In the Console at Options | Services add an HTTPS service from the Services Manager.
The HTTPS service operates on Port 443.
Multiple Web Service instances may be configured but each must operate on a different TCP/IP port.
2.) In Options | Websites | General-tab check the box to enable webmail to listen on Port 443.
3.) In Options | Websites | Application-tab select the option for WebMail as an Installable Web Application, and then [OK] back to the Console.
Configure the Certificate
In addition to starting the service, it will also be necessary to configure the Certificate.
You can reach this manager through the Certificate Manager button on the SSL Certificate tab of the HTTPS Service properties dialog. A wizard will step you through the process.
Note: Make sure you have opened your Windows firewall, and any other firewalls, on Port 443 and have set Port Forwarding (Network Address Translation) on your router to direct Port 443 traffic to Mailtraq.