This guide is intended as a development guide and reference for enabling the SSL portions of the Zarafa Outlook Client on ClearOS.
Most of the certificate material that currently exists under ClearOS 6.x is as it should be, except that the Zarafa server wants a 'pem' file for the server certificate, which is merely the key and the cert concatenated. Perform the following:
cat /etc/pki/tls/private/localhost.key /etc/pki/tls/certs/localhost.crt > /etc/pki/tls/certs/localhost.pem
chmod 600 /etc/pki/tls/certs/localhost.pem
Zarafa will also want a directory which contains client public keys if you are using an ultra-secure method for authentication. We won't address that here but the directory needs to exist nevertheless:
A known bug exists that crashes Zarafa if this directory has anything in it except certificates. It is untested whether that bug affects this version of Zarafa on ClearOS. Best to just leave it blank.
Back up and modify the /etc/zarafa/server.cfg file. The parameters in question are:
server_ssl_enabled = no
server_ssl_key_file = /etc/zarafa/ssl/server.pem
server_ssl_key_pass = replace-with-server-cert-password
server_ssl_ca_file = /etc/zarafa/ssl/cacert.pem
server_ssl_ca_path =
sslkeys_path = /etc/zarafa/sslkeys
We will change these to:
server_ssl_enabled = yes
server_ssl_key_file = /etc/pki/tls/certs/localhost.pem
server_ssl_key_pass =
server_ssl_ca_file = /etc/pki/tls/certs/ca-bundle.crt
server_ssl_ca_path =
sslkeys_path = /etc/zarafa/sslkeys
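One way to script the edit above, as an added example that is not part of the original guide. It refuses to touch server.cfg unless the combined PEM holds both key and certificate and is not readable by group or other. The helper names set_cfg and enable_zarafa_ssl are hypothetical, and GNU sed and stat are assumed.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Assumes GNU sed (-i) and GNU stat (-c), as shipped on ClearOS.

# set_cfg FILE KEY VALUE: rewrite "KEY = ..." in place, or append it if absent.
set_cfg() {
    line="$2 =${3:+ $3}"            # an empty VALUE yields "KEY ="
    if grep -q "^$2[[:space:]]*=" "$1"; then
        sed -i "s|^$2[[:space:]]*=.*|$line|" "$1"
    else
        printf '%s\n' "$line" >> "$1"
    fi
}

# enable_zarafa_ssl CFG PEM CA_BUNDLE
enable_zarafa_ssl() {
    cfg=$1 pem=$2 ca=$3
    # The PEM must contain both halves before the server is pointed at it.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key in $pem" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate in $pem" >&2; return 1; }
    # The file carries the private key: accept owner-only modes and nothing else.
    mode=$(stat -c %a "$pem")
    [ "$mode" = 600 ] || [ "$mode" = 400 ] ||
        { echo "$pem is mode $mode, expected 600" >&2; return 1; }
    # Back up first, then change only the SSL parameters.
    cp -p "$cfg" "$cfg.bak" || return 1
    set_cfg "$cfg" server_ssl_enabled yes
    set_cfg "$cfg" server_ssl_key_file "$pem"
    set_cfg "$cfg" server_ssl_key_pass ""
    set_cfg "$cfg" server_ssl_ca_file "$ca"
}

# Usage on a live system (run as root):
# enable_zarafa_ssl /etc/zarafa/server.cfg \
#     /etc/pki/tls/certs/localhost.pem /etc/pki/tls/certs/ca-bundle.crt
```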
Effectively, once the certs exist and the path exists, the only parameters which need to change are:
The control in the Zarafa Server module that activates this change should be something like a checkbox labelled “Enable Zarafa Client SSL access”.
When this is done, the server should:
With SSL enabled, the regular port 236 still works. Enabling SSL causes the Zarafa service to run on the default port of 237. This port should be opened in the incoming firewall rules.
Once this setting is set, a simple reload of the service will NOT work. In fact, changing this setting seems to cause chaos with a restart, and the service will often crash. Stopping the zarafa-server service completely and then starting it again after a brief period seems to solve this issue.