Zarafa with official SSL certificates

From Zarafa wiki

Revision as of 18:19, 22 February 2012 by Ddebyttere (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Getting Zarafa to run with your official SSL certificates is quite simple. This document will explain you how to get your Zarafa running with your official SSL certificates.

E.g.: You have bought an official * certificate for your domain, and you have that already configured for your apache webserver, and now you want to use that * certificate also for your zarafa setup. This document will explain you how to do that, and will use the apache config as an instrument to help explain this.


When you buy your certificate (in our example a * certificate) you will get the folowing files:

  • SSL Certificate File: In our example star_domain_com.crt
  • SSL Certificate Key File: In our example star_domain_com.key
  • Certificate Authority: in our example ca.crt

Your apache ssl config will look something like this:

SSLCertificateFile /path/to/star_domain_com.crt
SSLCertificateKeyFile /path/to/star_domain_com.key
SSLCertificateChainFile /path/to/ca.crt

Note: The Certificate Authority can also be added to your ca-bundle. Then you need to change the apache config "SSLCertificateChainFile" to your ca-bundle.

In this case we assume that your apache SSL works correctly without any SSL popups.


Now we will use those same SSL files for zarafa-server.

First we need to create a pem file:

cat /path/to/star_domain_com.key /path/to/star_domain_com.crt > /path/to/star_domain_com.pem

Copy the files star_domain_com.pem and ca.crt to your zarafa server.

Now we will modify the ssl settings in the server.cfg:

server_ssl_enabled      = yes
server_ssl_port         = 237
server_ssl_key_file     = /path/to/star_domain_com.pem
server_ssl_key_pass     =
server_ssl_ca_file      = /path/to/ca.crt

Restart zarafa-server and your are done. Now you can start up outlook and connect to zarafa-server over SSL, and you should not get any popups (assuming you connect to the correct domainname).

Personal tools