Articles in this section

Are there any differences between server and user SSL certificates?

Avatar
Permanently deleted user
  • Updated
Follow
Posted by - NA -, Last modified by Marek Puverle on 14 May 2015 08:08 AM

Yes, they are required for different processes.

Server Certificates required on servers that wish to communicate using an SSL/TLS encrypted connection.

User certificates allow a single user to digitally sign, and optionally encrypt, his emails so that a recipient can confirm the email is genuine by checking the signature with the issuing Certificate Authority.

Server SSL Certificates

Icewarp Email server can be configured to only accept SSL/TLS encrypted connections but this requires the presence of an SSL Certificate. One SSL Certificate is installed by default, allowing SSL connections to be made. However, this certificate is not signed by any of the issuing Certificate Authorities (Verisign, Thawte etc.) so your users may be presented with the following Security Alert (or similar) when accessing WebMail.

WebMail - SSL Access - Confirm Certificate

Clicking Yes will allow the User to access WebMail

Clicking No will block the access to WebMail

Clicking View Certificate will take the user to a dialog like this

assigned Webmail - SSL Access - Install Certificate

If the user is happy to accept the certificate he can click Install Certificate to accept this certificate for this server in the future. An Import Wizard will guide the user through the process.

 

NOTE - the installed certificate is only considered valid for the one server, if you have multiple Icewarp Email servers that this user accesses he will be presented with the Security Alert for other servers with the same certificate!

User SSL Certificate

This certificate is issued by a Certificate Authority and associates a particular email address to a particular person. It can be used to Sign and optionally Encrypt messages.

A User SSL Certificate has two parts - a public and a private key.

Public key

The public Key is used to digitally sign messages you send and can also be used by others to encrypt messages sent to you, although you must send your public key to the sender before they can do this.

The recipient of a digitally signed message can check the signature via the issuing Certificate Authority.

If you know someone's public key, you can encrypt messages that you send to them.

Private key

The private key is used to decrypt any messages that are encrypted with your public key

Related articles

Comments

0 comments

Article is closed for comments.