Educational ICT Virtualisation Specialist

Twitter LinkedIn E-mail
Precedence Technologies Ltd
Technology House, 36a Union Lane
Cambridge, CB4 1QB, United Kingdom
T: +44 (0)8456 446 800 / +44 (0)1223 359900
E: enquiries@precedence.co.uk
SSL-Enabling

Wiki Home

Tools

Jump To: Support > KB > NetManager > SSL > Enabling

Enabling SSL on services

Selecting certificate version to use

Each FQDN can have multiple versions. These will differ in start date, expiry date and issuer (i.e. CA). For each service you can pick a specific version of a certificate or you can choose to use chosen live version. The live version is picked centrally which means that when you update or purchase a new certificate, you can select it to be used in all services without having to select it in each. To change which version of a certificate is live:

  1. Log onto webadmin and go to Security > Certificates
  2. Click on Manage Certificate tab
  3. Click on Make live next to the version of the certificate you want to use

Using a certificate for a particular service

Web server (i.e. HTTPS)

  • Click on Web Server > Settings
  • Scroll to the bottom, choose Enable SSL and pick the appropriate certificate to use
  • Pick a TLS security/compatibility level from:
    • Modern compatibility - highest security
    • Intermediate compatibility (including XP/IE8) - higher security
    • Backward compatibility (back to XP/IE6) - high security
  • Click Save settings

Email services (i.e. SMTPS and IMAPS/POP3S)

  • Click on E-Mail Admin > Send/Receive
  • Click on Security tab
  • Choose Enable SSL and pick the appropriate certificate to use
  • Pick a TLS security level from:
    • Highest (no TLS v1.0 or lower) - perhaps less compatible
    • Medium (default) - optimal balance of compatibility and security
    • Low - for use only if needed by old clients
  • Click Save settings

Corresponding settings file options

Here are the corresponding settings in the configuration file. The secure level should be set to high, medium or low. Enable should be set to true or false. The certificate should be set domain.name:version. Wildcard certs should begin with *.. Use live as the version to inherit the live settings.

For the webserver:
apache_ssl="mail.excitinglessions.co.uk:live"
apache_ssl_enable="true"
apache_ssl_secure="high"
For SMTP:
smtp_ssl="mail.excitinglessions.co.uk:live"
smtp_ssl_enable="true"
smtp_ssl_secure="high"
For POP3 and IMAP:
popimap_ssl="*mail.excitinglessions.co.uk:live"
popimap_ssl_enable="true"
popimap_ssl_secure="high"
© Copyright Precedence Technologies 1999-2024
Page last modified on March 25, 2020, at 03:27 PM by sborrill