Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Chapter 36 Support for ActiveSync• Symbian S60 3rd Edition,• Palm OS (synchronization is available for email only),• Java MIDP 2.0 (synchronization is available for email only),For details on RoadSync and supported devices, see the DataViz website athttp://www.dataviz.com/.36.4 SSL encryptionFor the traffic, ActiveSync uses the HTTP or the HTTPS protocol.Warning: For security reasons, it is recommended to synchronize only by the HTTPS protocol,since ActiveSync uses only unencrypted user login data for authentication at the server.For description on encryption of services running in Kerio MailServer, see chapter 10. Thismethod requires a valid SSL certificate installed on the device.The following conditions must be met to make certificates valid:• The certificate must be issued by a trustworthy certification authority. Trustworthy meansthat the mobile device needs to know the server’s root certificate. Windows Mobile includesroot certificates of several certification authorities. List of these authorities can be foundat the Microsoft Corporation website.• Date of the certificate must be valid and correct date and time must be set in the device.• The certificate must include a valid name of the email domain for which Kerio MailServeris used.Valid certificates for encrypted traffic can be either certificates issued by trustworthy certificationauthorities (these certificates can be quite expensive, however, they avoid possible installationdifficulties) or a certificate issued by an internal certification authority or a so-calledself-signed certificate generated in Kerio MailServer (for details, see chapter 10).In case of certificates issued by a trusted certification authority, no settings or installations arerequired. In cases of internal certificates or self-signed certificates, the root certificate mustbe installed on the device.Windows Mobile requires certificate encoded in the DER X.509 format. The .cer extension isrequired. The simpliest method to get and install a certificate is to download it to the deviceby a browser.Kerio MailServer’s self-signed certificate in the required format is available athttp://server_name/server.cerOn devices with Windows Mobile 2002, traffic can be performed only by HTTPS. The unencryptedversion of the protocol is not supported. It is also necessary that Kerio MailServerauthenticates with a certificate authorized by a trustworthy certification authority. This canbe either a certificate authorized by a supported commercial certification authority (certificatesissued by VeriSign, CyberTrust, Thawte and Entrust are supported) or a root certificateof the authority which issued the certificate for Kerio MailServer can be installed on the device(for details, see section Allowing installation of a root certificate in WM 2002).368
36.4 SSL encryptionWarning: It is not possible to install the Kerio MailServer’s self-signed certificate on WindowsMobile 2002. It is only possible to use root certificates authorized by at least one internalauthority.Since Windows Mobile 2003, ActiveSync configuration includes an option to enable/disable SSLencryption. However, it is strongly recommended to use the SSL encryption since only thebasic authentication method is used for user authentication within the synchronization (noencryption is used for the login data transfers so the data can be easily misused).Since Windows Mobile 2003, installation of the self-signed certificate on mobile devices is verysimple. The instructions can be found in section Installation of the Kerio MailServer’s selfsignedroot certificate.Warning: Security rules in Smartphone devices with Windows Mobile 2005 forbid installationof new root certificates. In such cases, it is necessary to enable installation of root certificatesin the device registry first (the instructions are provided below).Installation of the Kerio MailServer’s self-signed certificateThe Kerio MailServer’s self-signed certificate can be installed as described below:1. To install the certificate on Windows Mobile 2002 or on Windows Mobile 5.0 SmartphoneEdition, follow the instructions provided in sections Allowing installation of a root certificatein WM 2002 and Allowing installation of a root certificate in WM 5.0 SmartphoneEdition. In other cases, start the installation by step 2.2. On the mobile device, run a web browser.3. In the URl textfield, enter the server’s address following the patternhttp://server_name/server.cer(e.g. http://mail.company.com/server.cer)orhttps://server_name/server.cer(e.g. https://mail.company.com/server.cer)4. A dialog is displayed asking whether the certificate should be downloaded to the device.Click OK to confirm the action.5. Next, you’ll be asked whether the certificate should be installed and used. Again, click onthe OK button.Now, the certificate is installed.369
- Page 317 and 318: 31.5 Page headerFigure 31.4Web Admi
- Page 319 and 320: 31.6 Welcome pageLocalizations of K
- Page 321 and 322: 31.7 User accountsFigure 31.8Templa
- Page 323 and 324: 31.7 User accountsFigure 31.10User
- Page 325 and 326: 31.7 User accountsFigure 31.12User
- Page 327 and 328: 31.8 User groupsMove user’s messa
- Page 329 and 330: 31.8 User groupsFigure 31.16Group a
- Page 331 and 332: 31.9 AliasesPublish this group info
- Page 333 and 334: 31.9 AliasesFigure 31.20Alias creat
- Page 335 and 336: 32.1 Kerio Outlook Connector (Offli
- Page 337 and 338: 32.1 Kerio Outlook Connector (Offli
- Page 339 and 340: 32.1 Kerio Outlook Connector (Offli
- Page 341 and 342: 32.2 Kerio Outlook ConnectorFigure
- Page 343 and 344: 32.2 Kerio Outlook ConnectorTIP: If
- Page 345 and 346: 32.2 Kerio Outlook ConnectorFigure
- Page 347 and 348: 32.2 Kerio Outlook ConnectorFigure
- Page 349 and 350: 32.2 Kerio Outlook ConnectorUse the
- Page 351 and 352: 32.2 Kerio Outlook ConnectorFigure
- Page 353 and 354: 32.2 Kerio Outlook ConnectorNote: I
- Page 355 and 356: 33.1 Installation• MS Outlook 200
- Page 357 and 358: 33.1 InstallationNote: Kerio Synchr
- Page 359 and 360: 34.2 Windows Calendar34.2 Windows C
- Page 361 and 362: Chapter 35CalDAV supportSince 6.5.0
- Page 363 and 364: Chapter 36Support for ActiveSyncSup
- Page 365 and 366: 36.2 Supported versions of ActiveSy
- Page 367: 36.3 RoadSyncabcdeDevice typeEmail
- Page 371 and 372: 36.5 Remote deletion of the device
- Page 373 and 374: 36.6 Removing a device from the adm
- Page 375 and 376: 36.8 Troubleshooting36.8 Troublesho
- Page 377 and 378: Chapter 37Support for BlackBerry vi
- Page 379 and 380: If any problem occurs regarding com
- Page 381 and 382: Chapter 40Kerio Sync Connector for
- Page 383 and 384: Figure 40.2Log settings in Kerio Sy
- Page 385 and 386: Apple Mail options and settings are
- Page 387 and 388: 42.1 Email42.1 EmailOn Apple iPhone
- Page 389 and 390: 43.1 Contacts43.1 ContactsUSAKerio
- Page 391 and 392: Nokia ® and Mail for Exchange ® a
- Page 393 and 394: arising from, out of or in connecti
- Page 395 and 396: Glossary of termsApplication protoc
- Page 397 and 398: MX RecordsOne of the record types t
- Page 399 and 400: IndexAaccess rightsgroups 131accoun
- Page 401 and 402: mailing lists 220MAPI 396master aut
- Page 403: 403
36.4 SSL encryptionWarning: It is not possible to install the <strong>Kerio</strong> MailServer’s self-signed certificate on WindowsMobile 2002. It is only possible to use root certificates authorized by at least one internalauthority.Since Windows Mobile 2003, ActiveSync configuration includes an option to enable/disable SSLencryption. However, it is strongly recommended to use the SSL encryption since only thebasic authentication method is used for user authentication within the synchronization (noencryption is used for the login data transfers so the data can be easily misused).Since Windows Mobile 2003, installation of the self-signed certificate on mobile devices is verysimple. The instructions can be found in section Installation of the <strong>Kerio</strong> MailServer’s selfsignedroot certificate.Warning: Security rules in Smartphone devices with Windows Mobile 2005 forbid installationof new root certificates. In such cases, it is necessary to enable installation of root certificatesin the device registry first (the instructions are provided below).Installation of the <strong>Kerio</strong> MailServer’s self-signed certificateThe <strong>Kerio</strong> MailServer’s self-signed certificate can be installed as described below:1. To install the certificate on Windows Mobile 2002 or on Windows Mobile 5.0 SmartphoneEdition, follow the instructions provided in sections Allowing installation of a root certificatein WM 2002 and Allowing installation of a root certificate in WM 5.0 SmartphoneEdition. In other cases, start the installation by step 2.2. On the mobile device, run a web browser.3. In the URl textfield, enter the server’s address following the patternhttp://server_name/server.cer(e.g. http://mail.company.com/server.cer)orhttps://server_name/server.cer(e.g. https://mail.company.com/server.cer)4. A dialog is displayed asking whether the certificate should be downloaded to the device.Click OK to confirm the action.5. Next, you’ll be asked whether the certificate should be installed and used. Again, click onthe OK button.Now, the certificate is installed.369