Are there any differences between server and user SSL c...
Created On: 15 Feb 2007 06:47 PM
Yes, they are required for different processes.
Server Certificates required on servers that wish to communicate using an SSL/TLS encrypted
User certificates allow a single user to digitally sign, and optionally encrypt, his emails so that a
recipient can confirm the email is genuine by checking the signature with the issuing Certificate
Server SSL Certificates
Icewarp Email server can be configured to only accept SSL/TLS encrypted connections but this
requires the presence of an SSL Certificate. One SSL Certificate is installed by default, allowing SSL
connections to be made. However, this certificate is not signed by any of the issuing Certificate
Authorities (Verisign, Thawte etc.) so your users may be presented with the following Security Alert
(or similar) when accessing WebMail.
Clicking Yes will allow the User to access WebMail
Clicking No will block the access to WebMail
Clicking View Certificate will take the user to a dialog like this
If the user is happy to accept the certificate he can click Install Certificate to accept this certificate for
this server in the future. An Import Wizard will guide the user through the process.
NOTE - the installed certificate is only considered valid for the one server, if you have multiple
Icewarp Email servers that this user accesses he will be presented with the Security Alert for other
servers with the same certificate!
User SSL Certificate
This certificate is issued by a Certificate Authority and associates a particular email address to a
particular person. It can be used to Sign and optionally Encrypt messages.
A User SSL Certificate has two parts - a public and a private key.
The public Key is used to digitally sign messages you send and can also be used by others to
encrypt messages sent to you, although you must send your public key to the sender before they
can do this.
The recipient of a digitally signed message can check the signature via the issuing Certificate
If you know someone's public key, you can encrypt messages that you send to them.
The private key is used to decrypt any messages that are encrypted with your public key