Are there any differences between server and user SSL certificates?
Posted by - NA -, Last modified by Marek Puverle on 14 May 2015 08:08 AM
Yes, they are required for different processes.
Server Certificates are required on servers that wish to communicate using an SSL/TLS encrypted connection.
User certificates allow a single user to digitally sign, and optionally encrypt, his emails so that a recipient can confirm the email is genuine by checking the signature with the issuing Certificate Authority.
Server SSL Certificates
Icewarp Email server can be configured to only accept SSL/TLS encrypted connections but this requires the presence of an SSL Certificate. One SSL Certificate is installed by default, allowing SSL connections to be made. However, this certificate is not signed by any of the issuing Certificate Authorities (Verisign, Thawte etc.) so your users may be presented with the following Security Alert (or similar) when accessing WebMail.
Clicking Yes will allow the User to access WebMail
Clicking No will block the access to WebMail
Clicking View Certificate will take the user to a dialog like this
If the user is happy to accept the certificate he can click Install Certificate to accept this certificate for this server in the future. An Import Wizard will guide the user through the process.
NOTE - the installed certificate is only considered valid for the one server. If you have multiple Icewarp Email servers that this user accesses, he will be presented with the Security Alert for the other servers, even if they use the same certificate!
User SSL Certificate
This certificate is issued by a Certificate Authority and associates a particular email address to a particular person. It can be used to Sign and optionally Encrypt messages.
A User SSL Certificate has two parts - a public and a private key.
The public key is used to digitally sign messages you send and can also be used by others to encrypt messages sent to you, although you must send your public key to the sender before they can do this.
The recipient of a digitally signed message can check the signature via the issuing Certificate Authority.
If you know someone's public key, you can encrypt messages that you send to them.
The private key is used to decrypt any messages that are encrypted with your public key.
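The server/user distinction described above is recorded inside each certificate: the identity it is bound to (a host name or an email address) and the purposes it may be used for. The following is an added example, not part of the original article or of IceWarp; it assumes OpenSSL 1.1.1 or later, and the host name `mail.example.test` and address `alice@example.test` are constructed values. It creates one throwaway certificate of each kind and asks OpenSSL which purposes each one is accepted for.

```shell
#!/bin/sh
# Added example. Host name and address are constructed; needs OpenSSL 1.1.1+ (-addext).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME SAN EKU: throwaway self-signed certificate, i.e. one that is
# not issued by any Certificate Authority (like a server's default certificate).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
        -addext "subjectAltName=$2" -addext "extendedKeyUsage=$3" 2>/dev/null
}

# cert_accepts NAME PURPOSE: succeeds when OpenSSL accepts the certificate for
# PURPOSE (sslserver, smimesign, smimeencrypt). The certificate is passed as its
# own trust anchor, so only the purpose check decides the outcome.
cert_accepts() {
    openssl verify -purpose "$2" -CAfile "$WORK/$1.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

# cert_san NAME: print the identity the certificate is bound to.
cert_san() {
    openssl x509 -in "$WORK/$1.pem" -noout -ext subjectAltName | sed -n '2s/^ *//p'
}

make_cert server "DNS:mail.example.test"    serverAuth
make_cert user   "email:alice@example.test" emailProtection

for cert in server user; do
    echo "$cert certificate is bound to: $(cert_san "$cert")"
    for purpose in sslserver smimesign smimeencrypt; do
        if cert_accepts "$cert" "$purpose"; then verdict=accepted; else verdict=rejected; fi
        echo "  $purpose: $verdict"
    done
done
```

The server certificate is accepted only for `sslserver` and the user certificate only for the two S/MIME purposes, which is why one cannot stand in for the other.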