Deploying a Self-signed SSL Certificate


During the installation of MailStore Server, an SSL certificate is generated which is used by all MailStore components if an encrypted connection is to be established. Because the certificate is issued to the server name MailStoreServer and does not originate from a trusted certification authority (CA), it is not trusted by the client side.

Because of this, the following warning message appears when calling up MailStore Web Access via HTTPS (SSL):

This article describes the option to deploy self-signed certificates using a group policy. An alternative is to use officially signed SSL certificates issued by your own company CA or a trusted external certificate authority, such as VeriSign or eTrust, which is described in chapter Using Your Own SSL Certificate.

To configure MailStore Server and your clients for using a self-signed certificate, please proceed as described in the following.

Creating a Self-Signed Certificate

The self-signed certificate created during the installation of MailStore Server is issued to the server name MailStoreServer.

If the DNS host name of the server does not correspond to MailStoreServer and if no corresponding A- or CNAME record exists on the DNS server, first a new self-signed certificate with the appropriate host name must be created. Please proceed as follows:

Deploying a Self-Signed Certificate

Before the self-signed certificate can be deployed, it must be exported from the current certificate store. Please proceed as follows:

Once the certificate has been exported to a file, create a group policy as described in chapters MailStore Client Deployment or MailStore Outlook Add-in Deployment and to deploy the certificate customize it as follows:

The group policy will be enabled once the workstation is restarted.


Article ID: 360
Created On: Fri, Jan 10, 2014 at 6:00 AM
Last Updated On: Fri, Jan 10, 2014 at 6:00 AM
Authored by: KB Admin01 []

Online URL: