MailEnable Standard Guide
    Localhost - Secure Sockets Layer (SSL) encryption

    MailEnable has the ability to use SSL (Secure Sockets Layer) when transmitting data between mail clients and servers. SSL is available for IMAP, SMTP, POP, and HTTP related protocols.

    Secure Sockets Layer (SSL) creates a secure connection between a client and a server over which any amount of data can be sent securely. It is a protocol for transmitting private documents via the Internet and is used with both web and email applications. URLs that require an SSL connection start with https: instead of http:.

    Enabling SSL on the email client (e.g., Microsoft Outlook, eM Client, Thunderbird) provides an added level of privacy and security for the data being sent over the network.

    Obtaining an SSL Certificate

    For the MailEnable mail services, one SSL certificate can be configured on the server as the default certificate for connections. This default certificate is used for all connections if SNI is disabled, or when the certificate requested by the client cannot be found. When using SNI, the services are able to determine which certificate the client is requesting, and will attempt to load that certificate from the Windows certificate store.

    SSL for web mail and web administration is configured under the IIS administration applet, since IIS is responsible for the SSL handling in this case.

    Registering an SSL Certificate on the mail server

    Under the Windows platform, certificates can be registered into shared certificate containers which can be accessed via IIS and other SSL-enabled applications. If an SSL certificate is already registered under IIS or for a web site running on the server, then the certificate should be available to be used by MailEnable.

    Microsoft provides a Microsoft Management Console (MMC) application that can be used to manage certificates on the server. Access the certificate manager MMC application as follows:

    1. From the Windows Start Menu, select Run | mmc.exe

    2. From within the MMC application, select File | Add/Remove Snap-In | Standalone | Add

    3. Select "Certificates" from the list and select the Add button.

    4. Select "Computer Account", then select Finish.

    This application can be used to review and import SSL certificates into the various SSL certificate containers on the server. MailEnable uses certificates that have been configured in the “Personal Certificates” store of the Computer Account. It is not able to use certificates under the Web Hosting container, so if you have installed a certificate there that you need, you would need to copy it to the Personal Certificates container.

    Detailed instructions for managing certificates on the Windows platform can also be found on the Microsoft web site.

    Configuring MailEnable to use an SSL Certificate

    Once an SSL Certificate has been configured in the server’s Personal Certificates store, select and enable that certificate for use under MailEnable. The SSL certificate that is chosen for use by MailEnable is the default used for SSL communications. The server identifies certificates by name only. If you have multiple certificates with the same name (for example, if you have renewed a certificate and added the new one to the server), the software will load the first valid certificate. It will therefore keep using the old certificate until that certificate is no longer valid, and only then use the new one.
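
    The following PowerShell audit is an added example, not MailEnable code: it lists names that appear on more than one certificate in the Personal store (the renewal case above) and certificates that exist only in the Web Hosting container. It assumes "name" means the certificate's simple subject name, treats "valid" as the date window only, and assumes the Web Hosting container is the Cert:\LocalMachine\WebHosting store.

```powershell
# Added example, not MailEnable code. Assumptions are marked in the comments.
$now      = Get-Date
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# "Personal Certificates" store of the Computer Account, the store MailEnable reads.
$personal = @(Get-ChildItem -Path Cert:\LocalMachine\My)

# 1. Names carried by more than one certificate (typical after a renewal).
#    Assumption: "name" is the simple subject name, normally the CN.
$duplicates = $personal |
    Group-Object -Property { $_.GetNameInfo($nameType, $false) } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $name = $_.Name
        foreach ($cert in ($_.Group | Sort-Object NotAfter)) {
            [pscustomobject]@{
                Name          = $name
                Thumbprint    = $cert.Thumbprint
                NotBefore     = $cert.NotBefore
                NotAfter      = $cert.NotAfter
                # Assumption: validity is judged by the date window only.
                InDateWindow  = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    }

if ($duplicates) {
    'Certificates sharing a name in the Personal store:'
    $duplicates | Format-Table -AutoSize
} else {
    'No duplicate certificate names in the Personal store.'
}

# 2. Certificates present only in the Web Hosting container.
#    The store may not exist on every Windows version, hence SilentlyContinue.
$personalThumbprints = @($personal | ForEach-Object { $_.Thumbprint })
$webOnly = @(Get-ChildItem -Path Cert:\LocalMachine\WebHosting -ErrorAction SilentlyContinue |
    Where-Object { $personalThumbprints -notcontains $_.Thumbprint })

if ($webOnly.Count -gt 0) {
    'Certificates found only in the Web Hosting store:'
    $webOnly | Select-Object Subject, Thumbprint, NotAfter | Format-Table -AutoSize
} else {
    'No certificates are confined to the Web Hosting store.'
}
```

    Where a name is listed more than once and the older entry is still inside its date window, removing the superseded certificate from the Personal store leaves only the renewed one to be loaded.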

    Once certificates have been registered on the server, you still need to configure which services make use of them. Under the services and connectors configuration, you may wish to add an SSL port or enable TLS support.

    When SNI is selected, the mail services will try to choose the correct certificate to match the one the user is requesting. If this does not exist, then the default SSL certificate is used. Not all email clients support SNI, and these will use the default certificate.