Note: This applies to DocuShare 6.6.x and 7.0
DS 7.5 and higher versions do not need to Install SSL/TLS Certificates as these DS versions embed well-known SSL certificates.
This article provides instruction on installing and enabling SSL or TLS certificates for DocuShare SMTP service.
Installing SSL/TLS Certificates
- Stop DocuShare.
- Obtain a certificate file from an SMTP mail vendor by going to http://slproweb.com/products/Win32OpenSSL.html and downloading the Windows version of openssl.
- Install openssl in the C:\OpenSSL-Win32 folder of your server.
- Open a DOS command window and run:
cd C:\OpenSSL-Win32\bin
C:\OpenSSL-Win32\bin>set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg
- Run one of the following commands to obtain either an SSL or a TLS certificate:
· For an SSL certificate, run C:\OpenSSL-Win32\binopenssl s_client -connect -showcerts.
For example, using Gmail with 465 as the SSL port: C:\OpenSSL-Win32\binopenssl s_client -connect smtp.gmail.com:465 -showcerts.
· For a TLS certificate, run C:\OpenSSL-Win32\binopenssl s_client -connect -starttls -showcerts.
For example, using Gmail with 587 as the TLS port: C:\OpenSSL-Win32\binopenssl s_client -connect smtp.gmail.com:587 -starttls smtp -showcerts.
- Copy the text starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----, and save it as a certificate file with suffix .cer
Note: If there is a multiple certificate chain, copy and save each certificate into individual files; such as yyy1.cer, yyy2.cer, etc.
- Copy the SSL or the TLS certificate file into the /jdk1.6.0/bin folder.
Where is replaced with the installation directory for DocuShare. The default installation path is C:\Xerox\Docushare. Depending on your installation environment the path may vary.
- From a DOS window, run keytool -import -trustcacerts -file your_mail_server.cer -alias mykey -keystore ../jre/lib/security/cacerts.
- Type changeit at the password prompt.
- At the prompt, reply yes.
- From a DOS window, run keytool -import -trustcacerts -file your_mail_server.cer -alias mykey -keystore ../jre/lib/security/dstruststore.
- Enter password at the password prompt.
- At the prompt, reply yes.
- Start DocuShare.
Enabling SSL or TLS for DocuShare SMTP Service
Warning: After completion of this procedure, DocuShare uses the newly configured email account settings to send all system emails; bypassing the previous email settings for subscription, workflow, and life cycle manager. To disable this new setting, refer to next section; Disabling SSL or TLS for DocuShare SMTP Service.
- Stop DocuShare.
- Open a DOS command window.
- Change into the /bin directory.
- Run dsemailService.bat.
Note: If you are running Linux/Solaris, run dsemailService.sh. Both commands create an emailservice.properties file.
- Reply Yes when asked to configure your email server SMTP.
- Supply SMTP information as prompted:
- SMTP Host: your SMTP server address
- SMTP Port: your SMTP server port
- SMTP Type: reply 0 (SMTP-SSL) to enable SSL, 1 (SMTP-TLS) for TLS or 2(SMTP) to use unencrypted connection
- SMTP Email Account: your email account. Leave this field empty if your email server does not require authentication (Type in one or more spaces to remove the old value)
- SMTP Email Password: your email account password, leave it empty if your email server does not requires authentication (Type in one or more spaces to remove old value).
- SMTP Sender: reply 1 (No) only if your email account has permission to send mails on behalf of others, otherwise reply 0 (AGENT)
- SMTP Timeout: default value is 30000
- SMTP Connection Timeout: default value is 10000
- Reply Yes to update the new configuration.
This updates the emailservice.properties file, synchronizes the value of the SMTP Host/Port in dscommon.properties, and synchronizes the value of the SMTP Timeout/Connection Timeout in subscription.properties.
- Start DocuShare.