SSL on frontend MMP

Hi,

I want to activate SSL for POP on the frontend MMP.

That is, the connection from MMP to store is not SSL, but client to MMP is through SSL.

From the documentation it seems we have to install a cert on the MMP and the cert on the store will not do this.

Is there a procedure to configure SSL on MMP? The config file of MMP is not so clear....

msg_admin

[393 byte] By [msg_admin] at [2007-11-26 11:43:56]
# 1
Hi,

Sorry, I forgot to mention I am using iMS 5.2 hf 2.09.

msg_admin
msg_admin at 2007-7-7 11:52:05 > top of Java-index,E-Mail, Calendar, & Collaboration,Sun Java System Messaging Server...
# 2
Hi,

If you want to disable SSL communication between the MMP and the store when a client connects using SSL, you can do so by setting the MMP option default:SSLBacksidePort to 0 in PopProxyAService.cfg.

Regards,
Shane.
shane_hjorth at 2007-7-7 11:52:05
# 3
Hi,

Where do I need to install a cert? On the MMP or the store?

I have already installed a cert on the backend store server, which is using it for https. Do I need to install another cert on the MMP to configure SSL?

msg_admin
msg_admin at 2007-7-7 11:52:05
# 4
My cert vendor is asking whether the PEM cert encoding is PKCS#7 or raw DER, as required by iMS5.2 hf2.09? What should I answer?

Rgds
msg_admin at 2007-7-7 11:52:05
# 5
You need to install the cert on your MMP; that's where the SSL is being done.

It should be willing to take either form.
jay_plesset at 2007-7-7 11:52:05
# 6

Hi,

I installed the cert from the console of the iMS 5.2 hf 2.09 MMP. This installs the cert into /iplanet/ims52/alias

The cfg file of the POP MMP, PopProxyAService.cfg, has the following SSL params:

# SSL configuration
default:SSLEnable yes
default:SSLPorts 995
default:SSLSecmodFile /iplanet/iMS52/mmp-pxmta/secmodule.db
default:SSLCertFile /iplanet/iMS52/mmp-pxmta/cert7.db
default:SSLKeyFile /iplanet/iMS52/mmp-pxmta/key3.db
default:SSLKeyPasswdFile /iplanet/iMS52/mmp-pxmta/sslpassword.conf
default:SSLCipherSpecs all
default:SSLCertNicknames Server-Cert
default:SSLCacheDir /iplanet/iMS52/mmp-pxmta/cache
#default:SSLBacksidePort 995
default:SSLBacksidePort 0

I changed the last param to zero, as my backend store does not use SSL.

Because all the db files are shown inside the mmp-instance directory, I linked the actual db files from the actual paths:

pxmta#> pwd
/iplanet/iMS52/mmp-pxmta
pxmta#> ls -ltr
total 150
-rwxr-x 1 mailsrv ipgroup 1482 Aug 24 2005 AService.rc
-rwxr-x 1 mailsrv ipgroup 5508 Oct 24 2005 ImapProxyAService.cfg
drwxr-x 2 mailsrv ipgroup 29696 Nov 28 14:01 log
-rw-r--r-- 1 root other 2285 Nov 28 14:15 AService.cfg
lrwxrwxrwx 1 root other 30 Nov 28 15:11 secmodule.db -> /iplanet/iMS52/alias/secmod.db
lrwxrwxrwx 1 root other 38 Nov 28 15:12 key3.db -> /iplanet/iMS52/alias/msg-pxmta-key3.db
lrwxrwxrwx 1 root other 39 Nov 28 15:13 cert7.db -> /iplanet/iMS52/alias/msg-pxmta-cert7.db
lrwxrwxrwx 1 root other 48 Nov 28 15:13 sslpassword.conf -> /iplanet/iMS52/msg-pxmta/config/sslpassword.conf
-rwxr-x 1 mailsrv ipgroup 5634 Nov 28 16:12 PopProxyAService.cfg
-rw-r--r-- 1 root other 5 Nov 28 16:12 pidfile
drwxr-xr-x 2 mailsrv ipgroup 512 Nov 28 16:12 cache

I created the last directory, cache, as it was not there by default.

After this I restarted the MMP services and checked client POP over SSL with Outlook Express. It worked.

The logs showed:

20061128 161252 PopProxyAService.cfg ASock_SSLInit: no CA names, not requesting peer certs

20061128 161253 PopProxyAService.cfg Multiplexor started

During the POP connection:

20061128 161829 PopProxyAService.cfg (sid 0x3debbc) session start, client IP 10.25.105.136:2710, server IP 10.25.105.30:995

Thanks

msg_admin

msg_admin at 2007-7-7 11:52:05
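
One way to sanity-check the SSL section posted above before restarting the MMP, as an added example (not code from this thread or from the product): it parses the default:Option value lines, confirms that each referenced path resolves through its symlink, and flags SSLCipherSpecs all and SSLBacksidePort 0. The function names, the world-readable check on the key and password files, and the temporary sample directory are assumptions constructed for illustration.

```python
import os, stat, tempfile

PATH_OPTS = ("SSLSecmodFile", "SSLCertFile", "SSLKeyFile",
             "SSLKeyPasswdFile", "SSLCacheDir")
SECRET_OPTS = ("SSLKeyFile", "SSLKeyPasswdFile")  # assumed: should not be world-readable

def parse_cfg(text):
    """Map option -> value for 'default:Option value' lines; '#' lines are skipped."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("default:"):
            key, *rest = line[len("default:"):].split(None, 1) or [""]
            opts[key] = rest[0] if rest else ""
    return opts

def audit(opts):
    """Return human-readable findings for the SSL options."""
    out = []
    if opts.get("SSLEnable", "").lower() != "yes":
        out.append("SSLEnable is not yes")
    for name in PATH_OPTS:
        path = opts.get(name, "")
        if not os.path.exists(path):  # follows symlinks, so a dangling link fails here
            out.append(f"{name} unset or does not resolve: {path}")
        elif name in SECRET_OPTS and os.stat(path).st_mode & stat.S_IROTH:
            out.append(f"{name} is world-readable: {path}")
    if opts.get("SSLCipherSpecs", "").lower() == "all":
        out.append("SSLCipherSpecs all: no cipher restriction")
    if opts.get("SSLBacksidePort") == "0":
        out.append("SSLBacksidePort 0: MMP-to-store leg is not SSL")
    return out

def demo():
    """Constructed instance dir: dangling cert link, readable password file, no cache dir."""
    d = tempfile.mkdtemp()
    for name, mode in (("secmodule.db", 0o644), ("key3.db", 0o600),
                       ("sslpassword.conf", 0o644)):
        p = os.path.join(d, name)
        open(p, "w").close()
        os.chmod(p, mode)
    os.symlink(os.path.join(d, "missing-cert7.db"), os.path.join(d, "cert7.db"))
    cfg = (f"# SSL configuration\ndefault:SSLEnable yes\ndefault:SSLPorts 995\n"
           f"default:SSLSecmodFile {d}/secmodule.db\ndefault:SSLCertFile {d}/cert7.db\n"
           f"default:SSLKeyFile {d}/key3.db\ndefault:SSLKeyPasswdFile {d}/sslpassword.conf\n"
           f"default:SSLCipherSpecs all\ndefault:SSLCacheDir {d}/cache\n"
           f"#default:SSLBacksidePort 995\ndefault:SSLBacksidePort 0\n")
    return audit(parse_cfg(cfg))

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real instance, read PopProxyAService.cfg from the MMP instance directory and pass its text to parse_cfg.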
# 7
Sounds like it's working.
jay_plesset at 2007-7-7 11:52:05