SSL configuration

This context allows you to configure the SSL settings for this listener. To enable SSL on the configured listener, check the box in front of the Enable SSL for this listener option.
Use the checkboxes available under the Allow the following SSL versions section to specify the SSL versions to be used by AXIGEN Mail Server. Possible values are: SSL2, SSL3 and TLS1. While SSL3 and TLS1 are the most recent versions, you can use any combination of the three that you find useful. All three versions are enabled by default.
Path to certificate file/authorities
Every SSL/TLS connection requires a certificate file containing the certificate chain used for the current listener; specify it with the mandatory Path to certificate file attribute. The certificate chain refers to a chain of intermediate certificate issuers, that is, Certificate Authority certificates that are followed while verifying the remote server certificate. By default, on all supported operating systems and platforms, AXIGEN's initscript creates a self-signed certificate at first run and saves it in the data directory under the name axigen_cert.pem.
If you have another certificate file, provided by an authority, you can enter the path to this certificate and also provide the Path to certificate authorities. AXIGEN must be able to access these locations.

Additional attributes such as the Path to DH (Diffie-Hellman) parameter, Max chain verification depth, Cipher suite, Ephemeral Key and certificate-based authentication requests can be used for more specific implementations.
Use the Path to DH (Diffie-Hellman) parameter file to specify the path in the local file system to the file containing the (OpenSSL) Diffie-Hellman parameter used by this listener. If the keyword value "none" is used, no file is used. The Diffie-Hellman key agreement protocol (also called exponential key agreement) allows two users to exchange a secret key over an insecure medium without any prior secrets. More information about this protocol and how to configure it is available on the RSA Laboratories website.
Use the Max. chain verification depth field to specify the depth of verification for the certificate chain. The depth refers to the maximum number of intermediate certificate issuers, i.e. the maximum number of CA certificates which are allowed to be followed when verifying the remote server certificate. For instance, a depth of 1 means the remote server certificate can be self-signed or has to be signed by a CA which is directly known to the server. The default value of 4 means that 4 intermediate certificate issuers are accepted.
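The depth rule described above, as an added example that is not AXIGEN or OpenSSL code: it counts the CA certificates followed from a server certificate to a locally known CA and compares the count with the configured depth. Certificates are reduced to constructed (subject, issuer) name pairs, the function names are hypothetical, and the locally known CA is assumed to count as one of the certificates followed, as in the depth-1 case.

```python
# Added example: models the depth rule as this page describes it.
# Not AXIGEN or OpenSSL code; names are constructed and signatures are not checked.

def ca_certs_followed(leaf, presented, trusted):
    """Count the CA certificates followed from the leaf to a locally known CA.

    leaf      -- (subject, issuer) of the remote server certificate
    presented -- intermediates sent by the peer, as {subject: issuer}
    trusted   -- subjects of the CA certificates known locally
    Raises ValueError when the chain never reaches a known CA.
    """
    subject, issuer = leaf
    if subject == issuer:          # self-signed: no CA certificate is followed
        return 0
    followed, seen = 0, {subject}
    while True:
        if issuer in seen:         # issuer loop or untrusted self-signed intermediate
            raise ValueError("chain loops at %r" % issuer)
        seen.add(issuer)
        followed += 1              # assumption: the known CA itself counts as one
        if issuer in trusted:
            return followed
        if issuer not in presented:
            raise ValueError("no certificate for issuer %r" % issuer)
        issuer = presented[issuer]


def within_depth(leaf, presented, trusted, max_depth=4):
    """True when the chain resolves and stays within max_depth (page default: 4)."""
    try:
        return ca_certs_followed(leaf, presented, trusted) <= max_depth
    except ValueError:
        return False


# Constructed sample chain: leaf <- Issuing CA 2 <- Issuing CA 1 <- Root CA
TRUSTED = {"Root CA"}
PRESENTED = {"Issuing CA 2": "Issuing CA 1", "Issuing CA 1": "Root CA"}
DIRECT = ("mail.example.test", "Root CA")
DEEP = ("mail.example.test", "Issuing CA 2")
SELF_SIGNED = ("mail.example.test", "mail.example.test")

if __name__ == "__main__":
    for name, leaf in (("direct", DIRECT), ("deep", DEEP), ("self-signed", SELF_SIGNED)):
        for depth in (1, 4):
            print(name, depth, within_depth(leaf, PRESENTED, TRUSTED, depth))
```

With the constructed chain, a depth of 1 accepts the self-signed and directly signed certificates and rejects the one issued through two intermediates, which the default depth of 4 accepts.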
AXIGEN implements cipher suites active in OpenSSL, except for idea, rc5 and mdc2. The corresponding OpenSSL documentation file lists the ciphers and their OpenSSL equivalents.
Tick the Use ephemeral key checkbox to specify whether ephemeral keys should be used or not. When this option is enabled, all keys exchanged during one connection session become ephemeral keys (valid only for the current connection).
Use the Request certificate-based authentication from client option to specify whether client certificate-based authentication should be requested or not.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.










