Administrator's Guide - Kerio Software Archive


download.kerio.com
11.07.2015 Views

Chapter 36 Support for ActiveSync

• Symbian S60 3rd Edition,
• Palm OS (synchronization is available for email only),
• Java MIDP 2.0 (synchronization is available for email only),

For details on RoadSync and supported devices, see the DataViz website at http://www.dataviz.com/.

36.4 SSL encryption

ActiveSync traffic uses either the HTTP or the HTTPS protocol.

Warning: For security reasons, it is recommended to synchronize only over HTTPS, because ActiveSync sends user login data to the server unencrypted for authentication.

For a description of the encryption of services running in Kerio MailServer, see chapter 10. This method requires a valid SSL certificate installed on the device.

The following conditions must be met for a certificate to be valid:

• The certificate must be issued by a trustworthy certification authority. Trustworthy means that the mobile device needs to know the server's root certificate. Windows Mobile includes root certificates of several certification authorities. A list of these authorities can be found at the Microsoft Corporation website.
• The date of the certificate must be valid, and the correct date and time must be set on the device.
• The certificate must include a valid name of the email domain for which Kerio MailServer is used.

Valid certificates for encrypted traffic can be certificates issued by trustworthy certification authorities (these certificates can be quite expensive; however, they avoid possible installation difficulties), a certificate issued by an internal certification authority, or a so-called self-signed certificate generated in Kerio MailServer (for details, see chapter 10).

For certificates issued by a trusted certification authority, no settings or installations are required. For internal certificates or self-signed certificates, the root certificate must be installed on the device.

Windows Mobile requires the certificate to be encoded in the DER X.509 format. The .cer extension is required. The simplest method to get and install a certificate is to download it to the device with a browser.

Kerio MailServer's self-signed certificate in the required format is available at

http://server_name/server.cer

Devices with Windows Mobile 2002 can communicate only over HTTPS. The unencrypted version of the protocol is not supported. It is also necessary that Kerio MailServer authenticates with a certificate authorized by a trustworthy certification authority. This can be either a certificate authorized by a supported commercial certification authority (certificates issued by VeriSign, CyberTrust, Thawte and Entrust are supported), or a root certificate of the authority which issued the certificate for Kerio MailServer can be installed on the device (for details, see section Allowing installation of a root certificate in WM 2002).

Warning: It is not possible to install the Kerio MailServer's self-signed certificate on Windows Mobile 2002. It is only possible to use root certificates authorized by at least one internal authority.

Since Windows Mobile 2003, ActiveSync configuration includes an option to enable/disable SSL encryption. However, it is strongly recommended to use SSL encryption, since only the basic authentication method is used for user authentication within the synchronization (no encryption is used for the login data transfers, so the data can be easily misused).

Since Windows Mobile 2003, installation of the self-signed certificate on mobile devices is very simple. The instructions can be found in section Installation of the Kerio MailServer's self-signed root certificate.

Warning: Security rules in Smartphone devices with Windows Mobile 2005 forbid installation of new root certificates. In such cases, it is necessary to enable installation of root certificates in the device registry first (the instructions are provided below).

Installation of the Kerio MailServer's self-signed certificate

The Kerio MailServer's self-signed certificate can be installed as described below:

1. To install the certificate on Windows Mobile 2002 or on Windows Mobile 5.0 Smartphone Edition, follow the instructions provided in sections Allowing installation of a root certificate in WM 2002 and Allowing installation of a root certificate in WM 5.0 Smartphone Edition. In other cases, start the installation at step 2.
2. On the mobile device, run a web browser.
3. In the URL text field, enter the server's address following the pattern
   http://server_name/server.cer (e.g. http://mail.company.com/server.cer)
   or
   https://server_name/server.cer (e.g. https://mail.company.com/server.cer)
4. A dialog is displayed asking whether the certificate should be downloaded to the device. Click OK to confirm the action.
5. Next, you'll be asked whether the certificate should be installed and used. Again, click the OK button.

Now, the certificate is installed.
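
The conditions in this section (DER X.509 encoding, the .cer extension, a valid date, and a name that matches the server) can be checked on an administrator workstation before the file is offered to devices. The script below is an added example, not part of the Kerio guide; it assumes the openssl command-line tool is installed, and the file and host names passed to it are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the Kerio guide): pre-flight checks for a certificate
# file before it is offered to Windows Mobile devices as server.cer.
# Assumptions: the openssl CLI is installed; file and host names are placeholders.

check_cert() {
    cert="$1"      # path to the certificate file
    host="$2"      # name the devices use to reach the mail server
    status=0

    # The guide requires the .cer extension.
    case "$cert" in
        *.cer) ;;
        *) echo "FAIL: file name must end in .cer" >&2; status=1 ;;
    esac

    # DER is binary ASN.1 and starts with a SEQUENCE tag (0x30);
    # a PEM file starts with "-----BEGIN" (0x2d) and is rejected here.
    first=$(head -c 1 "$cert" | od -An -tx1 | tr -d ' \n')
    if [ "$first" != "30" ] ||
       ! openssl x509 -inform DER -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: not a DER-encoded X.509 certificate" >&2
        return 1
    fi

    # Validity period: -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -inform DER -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired" >&2; status=1
    fi

    # The certificate must carry the name used to reach the server.
    if ! openssl x509 -inform DER -in "$cert" -noout -checkhost "$host" |
         grep -q "does match"; then
        echo "FAIL: certificate does not cover $host" >&2; status=1
    fi

    # Issuer, dates and SHA-256 fingerprint, for comparison with the
    # certificate the server actually presents.
    openssl x509 -inform DER -in "$cert" -noout -issuer -dates -fingerprint -sha256
    return "$status"
}

# Usage: check_cert server.cer mail.company.com
```

Recording the printed fingerprint is most useful when devices fetch the file over the plain http:// address from step 3, since it gives a reference value for the certificate that was intended to be installed.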

