更多精彩内容,请访问云邮科技官方网站:
现在位置:首页 » 邮件技术 »

Winwebmail如何创建TLS/SSL证书实现安全连接?

作者:山坛兄弟 ⁄ 时间:2016年04月16日 ⁄ 分类: 邮件技术 评论:0 为了创建用于TLS/SSL标准安全套接字层通讯协议的1024位RSA数字证书,使WinWebMail支持包括 SSL SMTP, SSL POP3, SSL IMAP4 安全通讯服务。

1、您首先需要下载证书创建工具: 

2、在您的机器(Win NT/2000/XP/2003)上解压缩,并按下面的步骤执行 ca.bat 文件。

3、在按说明正确操作后,您将可以生成两个文件:
  wem.pem
邮件服务器使用的证书和私钥文件,此文件必须被放置在WinWebMail的安装目录下。(重启WinWebMail服务程序后生效)
  caroot.cer
分发给各个客户,要求其导入客户端机器的证书。具体的证书导入可以参照相关客户端软件的帮助文档(以Outlook,Outlook Express为例,只要双击证书,再点击安装证书按钮即可)。


执行以下程序时,您只需要了解两点:
    1. 您的服务器地址,这是最重要的!也就是Common Name部分需要输入的内容,Common Name必须和服务器正确的主机名以及客户端软件设置部分填写的服务器主机名保持一致,才能让客户端信任此证书。
    2. 证书口令。

注意
  ·红色绿色是最重要的部分,即需要输入您的服务器地址。
  ·深蓝色是要求输入内容的部分。

  ·其他的部分如果要求用户输入时,您只需要直接回车即可。


C:\sslca>ca
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
...++++++
..++++++
writing new private key to 'ca\private\CAkey.pem'

Enter PEM pass phrase:(输入口令,必填项)
Verifying - Enter PEM pass phrase:(输入口令,必填项)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [CN]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, ip address, website) []:192.168.0.1 (输入服务器地址,必填项)
Email Address []:
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
...........................................................++++++
...............................++++++
writing new private key to 'ca\temp\server\server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [CN]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, ip address, website) []:192.168.0.1 (输入服务器地址,必填项)
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from openssl.conf
Loading 'screen' into random state - done
Enter pass phrase for ca\private\CAkey.pem:(输入口令,必填项)
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'Some-State'
organizationName :PRINTABLE:'Internet Widgits Pty Ltd'
commonName :PRINTABLE:'192.168.0.1'
Certificate is to be certified until Apr 22 06:00:08 2005 GMT (365 days)
Sign the certificate? [y/n]:y (确认信息,必须填“y”)


1 out of 1 certificate requests certified, commit? [y/n]y (确认信息,必须填“y”)
Write out database with 1 new entries
Data Base Updated

本文由山坛兄弟原创或编辑,转载请保留链接【Winwebmail如何创建TLS/SSL证书实现安全连接?】http://flagpatternmaker.com/email/224.html 上一篇: CENTOS如何YUM安装NGINX?
下一篇:伪装报价咨询的垃圾邮件开始盛行
目前有 0 条评论