Navigation:  Setup Menu > Web & IM Services > WorldClient (web mail) > WorldClient (web mail) >

SSL & HTTPS

Print this Topic Previous pageReturn to chapter overviewNext page

MDaemon's built-in web server supports the Secure Sockets Layer (SSL) protocol. The SSL protocol, developed by Netscape Communications Corporation, is the standard method for securing server/client web communications. It provides server authentication, data encryption, and optional client authentication for TCP/IP connections. Further, because HTTPS support (i.e. HTTP over SSL) is built into all current major browsers, simply installing a valid digital certificate on your server will activate the connecting client's SSL capabilities.

The options for enabling and configuring WorldClient to use HTTPS are located on the SSL & HTTPS screen under Setup » Web & IM Services » WorldClient (web mail)". For your convenience, however, these options are also mirrored under "Security » Security Settings » SSL & TLS » WorldClient".

For more information on the SSL protocol and Certificates, see: SSL & Certificates

This screen only applies to WorldClient when using MDaemon's built-in web server. If you configure WorldClient to use some other web server such as IIS, these options will not be used SSL/HTTPS support will have to be configured using your the other web server's tools.

Accept the following types of connections

HTTP only

Choose this option if you do not wish to allow any HTTPS connections to WorldClient. Only HTTP connections will be accepted.

HTTP and HTTPS

Choose this option if you want to enable SSL support within WorldClient, but do not wish to force your WorldClient users to use HTTPS. WorldClient will listen for connections on the HTTPS port designated below, but it will still respond to normal http connections on the WorldClient TCP port designated on the Web Server screen of WorldClient (web mail).

HTTPS only

Choose this option if you wish to require HTTPS when connecting to WorldClient. WorldClient will respond only to HTTPS connections when this option is enabled — it will not respond to HTTP requests.

HTTP redirects to HTTPS

Choose this option if you wish to redirect all HTTP connections to HTTPS on the HTTPS port.

HTTPS port

This is the TCP port that WorldClient will listen to for SSL connections. The default SSL port is 443. If the default SSL port is used, you will not have to include the port number in WorldClient's URL when connecting via HTTPS (i.e. "https://example.com" is equivalent to "https://example.com:443").

This is not the same as the WorldClient port that is designated on the Web Server screen of WorldClient (web mail). If you are still allowing HTTP connections to WorldClient then those connections must use that other port to connect successfully. HTTPS connections must use the HTTPS port.

Certificates

This box displays your SSL certificates. Single-click a certificate in this list to designate it as the certificate that you wish WorldClient to use. Double-click a certificate to open it in the Certificate dialog to review its details or edit it.

MDaemon does not support multiple certificates for WorldClient. All WorldClient domains must share a single certificate. If you have more than one WorldClient domain then enter those domain names (and any others that you wish to use to access WorldClient) into the option called "Alternative host names (separate multiple entries with a comma)" outlined below.

Delete

Select a certificate in the list and then click this button to delete it. A confirmation box will open and ask you if you are sure that you want to delete the certificate.

Host name

When creating a certificate, enter the host name to which your users will connect (for example, "wc.example.com").

Organization/company name

Enter the organization or company that "owns" the certificate here.

Alternative host names (separate multiple entries with a comma)

MDaemon does not support multiple certificates — all WorldClient domains must share a single certificate. If there are alternative host names to which users may be connecting and you want this certificate to apply to those names as well, enter those domain names here separated by commas. Wildcards are permitted, so "*.example.com" would apply to all sub domains of example.com (for example, "wc.example.com", " mail.example.com", and so on).

Encryption key length

Choose the desired bit-length of the encryption key for this certificate. The longer the encryption key the more secure the transferred data will be. Note, however, that not all applications support key lengths longer than 512.

Country/region

Choose the country or region in which your server resides.

Create Certificate

After entering the information into the above controls, click this button to create your certificate.

Restart web server

Click this button to restart the web server. The web server must be started before new certificates will be used.

See: