Tech Tips: Setting up Let’s Encrypt SSL/TLS Certificates in MailStore Server
As we’re sure you already know, our Tech Tips blog series aims to provide interested parties, customers, and partners with detailed information on selected product features of MailStore Server. As well as providing background information, the video features a brief live demo on technical issues relating to implementation.
In this Tech Tip, we’re going to show you how you can request Let’s Encrypt™ certificates in MailStore Server.
Why Use SSL/TLS Certificates at All?
International Computer Security Day is an annual reminder that IT security is becoming more important all the time. But that’s not all: here at MailStore, we’ve embraced a policy of security by default to help our customers put adequate security measures in place. We also believe it’s our job to raise awareness for key topical issues, and this was the thinking behind our MailStore Customer Security Awareness Initiative.
In this Tech Tip, we’ll show you how you can use SSL/TLS certificates from Let’s Encrypt to encrypt highly sensitive data such as user IDs and passwords, as well as email content, so that they remain inaccessible to third parties during data transfer, e.g. when accessing an archive. This is especially important when using a mobile device, and works even in unprotected networks. This makes access to archived emails safer and lets you avoid man-in-the-middle (MITM) attacks, especially at hotspots such as those commonly found in airports or railroad stations.
If you’ve ever used an unsecured connection to access your archive – either via the Outlook Add-in or a web browser – or are unsure how to recognize an unsecured connection, it’s essential that you read up on certificates in general.
Why Use Let’s Encrypt SSL/TLS Certificates in Particular?
Let’s Encrypt offers free, trusted certificates for Transport Layer Security (TLS) encryption that are really easy to use. You have the option of automatically generating and renewing trusted certificates for use with MailStore Server. Once set up correctly, you don’t need to renew your certificates manually – after 60 days, the MailStore Server software automatically takes care of the renewal process via a dedicated interface.
Alternatively, you can still use the Installer to create self-signed certificates or use existing certificates, as before.
Please note, however, that you will need to adjust certain network settings in order to obtain a certificate from Let’s Encrypt, and these are as follows:
- A public DNS record for the MailStore Server computer (server) must exist and point to the computer’s public IP address.
- Let’s Encrypt’s automatic validation process must be able to access the MailStore Server computer via the Internet on TCP Port 80 (HTTP).
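Both prerequisites can be checked before requesting a certificate. The following script is an added example, not MailStore code: it confirms that the host name resolves to the expected public IP address (and flags a private address, as happens with split DNS) and that TCP port 80 accepts connections. The host name and addresses used with it are constructed, and it should be run from a machine outside your own network, because the validation request arrives from the Internet.

```python
import ipaddress
import socket
import sys

# Ranges that a public CA's validation servers can never reach.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
)]

def resolve_ipv4(hostname):
    """IPv4 addresses the local resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def port_open(address, port, timeout=5.0):
    """True if a TCP connection to address:port succeeds from this host."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(hostname, public_ip, resolve=resolve_ipv4, probe=port_open):
    """Return a list of problems; an empty list means both prerequisites look met."""
    try:
        addresses = resolve(hostname)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"no DNS record found for {hostname}: {exc}"]
    problems = []
    for addr in addresses:
        if any(ipaddress.ip_address(addr) in net for net in NON_PUBLIC):
            problems.append(f"{hostname} resolves to non-public address {addr}")
    if public_ip not in addresses:
        problems.append(f"{hostname} resolves to {addresses}, not {public_ip}")
    elif not probe(public_ip, 80):
        problems.append(f"TCP port 80 on {public_ip} is not reachable from this host")
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py <hostname> <public-ip>")
    found = preflight(sys.argv[1], sys.argv[2])
    print("\n".join(found) or "DNS record and port 80 look ready")
    sys.exit(1 if found else 0)
```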
Implementation in MailStore Server
MailStore Server has offered automated support for Let’s Encrypt digital certificates since version 12. To benefit from this, you should replace the default, self-signed MailStore Server certificates with certificates issued by the trusted Let’s Encrypt certificate authority. You can request these via MailStore Server’s Service Configuration as follows:
In our Online Help, you’ll find detailed, step-by-step instructions on how to obtain and use Let’s Encrypt certificates with MailStore Server.
Once you’ve configured your system correctly and obtained your certificate from Let’s Encrypt, you’ll be able to access MailStore Server safely from a supported client – for example the Outlook Add-in or a web browser – and avoid the certificate warning messages shown above.