- Generate
- Obtaining the Key Store Secret - Obtaining the keystore secret for insertion into Tomcat's server.xml file and general keytool usage.
- Using KeyStore Explorer - An alternate GUI for performing certificate management operations on the keystore.
- Using the KeyTool Command - The use of the Java Keytool command (with respect to the MailArchiva keystore).
- Import Existing Private Key - How to import an existing private key.

Obtain and install a free digital certificate from Let's Encrypt Certificate Authority for the purposes of securing the web console (among other uses). Let's Encrypt certificates are typically accepted by all modern browsers.

Note: This Get Free Certificate feature is only available in MailArchiva V8.

Before Let's Encrypt can issue a certificate, it must verify ownership of the domain to which the certificate is issued. There are two methods available to do this:

- HTTP challenge verification method - Let's Encrypt obtains and verifies a challenge from MailArchiva on port 80 from outside your network.
- DNS challenge verification method - Let's Encrypt obtains and verifies a challenge from a TXT entry on your domain's DNS record.

The advantage of the HTTP challenge verification method is that, provided Let's Encrypt can reach the MailArchiva server on port 80, a new certificate can be requested automatically by MailArchiva and obtained from Let's Encrypt before the existing one expires.

In contrast, when using the DNS challenge method, a TXT record must be added to your domain's DNS record. Adding the TXT record to the domain's DNS record can be done either manually using the DNS provider's website, or by using a third-party utility (either open source or supplied by your DNS provider) to update the TXT record automatically. Since Let's Encrypt certificates expire every three months, it may be impractical to update the DNS record manually each time.

The main advantage of using the DNS challenge method is that it is possible to generate a Wildcard certificate. A Wildcard certificate is normally only necessary when using MailArchiva Multitenant (MT).

For the automatic certificate retrieval process to work, the MailArchiva server must be accessible on HTTP/port 80 from outside the local area network. The complete set of steps required to obtain a free certificate is outlined below:

1. Switch the MailArchiva server to listen on port 80. Edit /var/opt/mailarchiva/tomcat/conf/server.xml (Linux) or C:\ProgramData\MailArchiva\Tomcat\conf\server.xml (Windows). Using a text editor, search and replace 8090 with 80, and restart MailArchiva.
2. Allocate an external IP address to MailArchiva on your firewall.
3. Forward ports 80 and 443 from an external IP address on your company firewall to the MailArchiva server.
4. Create an A record on your company domain to point to the IP address.
5. Verify that MailArchiva is accessible on port 80 from outside your network. For example, to verify that the server is accessible from outside, open the URL in a web browser.
6. In the Certificates tab of Configuration, click the “Get free cert” button.
7. Choose and enter a storage alias name. It is customary, though not required, to use the alias "tomcat".
8. Enter the fully qualified domain name (FQDN) of the server specified in Step 4 above.