How To Install and Enable SSL & TLS Support for DocuShare SMTP Service
Note: This applies to DocuShare 6.6.x and 7.x. This article provides instructions on installing, enabling, and deleting SSL and TLS certificates for DocuShare SMTP service.
Installing SSL/TLS Certificates
- Stop DocuShare.
- To obtain a certificate file from an SMTP mail vendor, go to http://slproweb.com/products/Win32OpenSSL.html and download the Windows version of OpenSSL.
- Install OpenSSL in the C:\OpenSSL-Win32 folder of your server.
- Open a DOS command window and run:
  C:\>cd C:\OpenSSL-Win32\bin
  C:\OpenSSL-Win32\bin>set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
- Run one of the following commands to obtain either an SSL or a TLS certificate:
  · For an SSL certificate, run:
    C:\OpenSSL-Win32\bin>openssl s_client -connect <your smtp server address:your smtp server port> -showcerts
    For example, using Gmail with 465 as the SSL port:
    C:\OpenSSL-Win32\bin>openssl s_client -connect smtp.gmail.com:465 -showcerts
  · For a TLS certificate, run:
    C:\OpenSSL-Win32\bin>openssl s_client -connect <your smtp server address:your smtp server port> -starttls smtp -showcerts
    For example, using Gmail with 587 as the TLS port:
    C:\OpenSSL-Win32\bin>openssl s_client -connect smtp.gmail.com:587 -starttls smtp -showcerts
- Copy the text starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----, and save it as a certificate file with the suffix ".cer".
  Note: If the chain contains multiple certificates, copy and save each certificate into its own file, such as yyy1.cer, yyy2.cer, etc.
- Copy the SSL or the TLS certificate file into the <dshome>/jdk1.6.0/bin folder.
  Where <dshome> is replaced with the installation directory for DocuShare. The default installation path is C:\Xerox\Docushare. Depending on your installation environment, the path may vary.
- From a DOS window, run:
  keytool -import -trustcacerts -file your_mail_server.cer -alias mykey -keystore ../jre/lib/security/cacerts
- Type changeit at the password prompt.
- At the prompt, reply yes.
- From a DOS window, run:
  keytool -import -trustcacerts -file your_mail_server.cer -alias mykey -keystore ../jre/lib/security/dstruststore
- Enter password at the password prompt.
- At the prompt, reply yes.
- Start DocuShare.
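The copy-and-save step above, as an added example that is not part of the original article: a Python 3 script that splits saved `openssl s_client -showcerts` output into yyy1.cer, yyy2.cer, ... and prints each certificate's SHA-256 fingerprint, so it can be compared with a value obtained from the mail server's administrator over a separate channel before the file is imported into a trust store. The `smtpchainN` aliases and the sample text are assumptions; keytool rejects an alias that already exists in a keystore, so each file of a multi-certificate chain needs its own alias.

```python
import base64, hashlib, re, ssl, sys, tempfile
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def split_chain(s_client_text):
    """Return [(pem, sha256_fingerprint)] for each distinct certificate, in order."""
    certs, seen = [], set()
    for m in PEM_RE.finditer(s_client_text):
        # Decode the base64 body to DER; the fingerprint is taken over DER.
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        if digest in seen:  # same block captured twice
            continue
        seen.add(digest)
        fp = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
        certs.append((ssl.DER_cert_to_PEM_cert(der), fp))  # re-wrapped PEM
    return certs

def save_chain(s_client_text, out_dir, prefix="yyy"):
    """Write yyy1.cer, yyy2.cer, ...; return [(path, alias, fingerprint)]."""
    saved = []
    for n, (pem, fp) in enumerate(split_chain(s_client_text), start=1):
        path = Path(out_dir) / f"{prefix}{n}.cer"
        path.write_text(pem, encoding="ascii")
        # Hypothetical alias scheme: one unique alias per file for keytool.
        saved.append((path, f"smtpchain{n}", fp))
    return saved

# Constructed stand-in for saved s_client output. The two PEM blocks wrap
# placeholder bytes, not real certificates.
SAMPLE = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:/CN=smtp.example.test\n   i:/CN=Example Test CA\n"
    + ssl.DER_cert_to_PEM_cert(b"leaf placeholder " * 8)
    + " 1 s:/CN=Example Test CA\n   i:/CN=Example Test CA\n"
    + ssl.DER_cert_to_PEM_cert(b"issuer placeholder " * 8)
    + "---\nServer certificate\nsubject=/CN=smtp.example.test\n")

if __name__ == "__main__":
    # Usage: python split_chain.py saved_s_client_output.txt
    text = Path(sys.argv[1]).read_text(errors="replace") if sys.argv[1:] else SAMPLE
    out_dir = "." if sys.argv[1:] else tempfile.mkdtemp()
    for path, alias, fp in save_chain(text, out_dir):
        print(f"{path}  -alias {alias}  SHA256 {fp}")
```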
Enabling SSL or TLS for DocuShare SMTP Service
Warning: After completion of this procedure, DocuShare uses the newly configured email account settings to send all system emails, bypassing the previous email settings for subscription, workflow, and life cycle manager. To disable this new setting, refer to the next section, Disabling SSL or TLS for DocuShare SMTP Service.
- Stop DocuShare.
- Open a DOS command window.
- Change into the <dshome>/bin directory.
- Run dsemailService.bat.
  Note: If you are running Linux/Solaris, run dsemailService.sh. Both commands create an emailservice.properties file.
- Reply Yes when asked to configure your email server SMTP.
- Supply SMTP information as prompted:
  - SMTP Host: your SMTP server address
  - SMTP Port: your SMTP server port
  - SMTP Type: reply 0 (SMTP-SSL) to enable SSL, 1 (SMTP-TLS) for TLS, or 2 (SMTP) to use an unencrypted connection
  - SMTP Email Account: your email account. Leave this field empty if your email server does not require authentication (type in one or more spaces to remove the old value).
  - SMTP Email Password: your email account password. Leave it empty if your email server does not require authentication (type in one or more spaces to remove the old value).
  - SMTP Sender: reply 1 (No) only if your email account has permission to send mails on behalf of others; otherwise reply 0 (AGENT)
  - SMTP Timeout: default value is 30000
  - SMTP Connection Timeout: default value is 10000
- Reply Yes to update the new configuration.
  This updates the emailservice.properties file, synchronizes the value of the SMTP Host/Port in dscommon.properties, and synchronizes the value of the SMTP Timeout/Connection Timeout in subscription.properties.
- Start DocuShare.
Solution Updated: October 19th, 2015
Solution ID: 1621