Monday, August 22, 2016

Alfresco IMAPS: Secure Email Client Integration with Alfresco

Alfresco IMAP integration is a lightweight integration of Alfresco with email clients, like Outlook, Thunderbird and Mail.  IMAP integration enables an Alfresco folder to be mounted as an IMAP folder in the email client.  The mounted folder allows the user to browse through the Alfresco repository and to easily file email messages and attachments by just dragging items into the mounted folder.

As an aside, if your email client is Outlook and you are running on Windows, you might instead consider using the Alfresco Outlook Integration, which provides a deeper email client integration than just IMAP.

How do you get IMAP working?  I described that some time ago in this blog and the information there is still relevant.  Since that post was written, the latest Alfresco documentation has also added a good explanation of how to set up IMAP.  IMAP configuration can be done by setting parameters either in the alfresco-global.properties file or, in the enterprise version, by changing settings in the Admin console.
The tip described here though is how to configure secure IMAP or IMAPS with Alfresco.  Although this is covered in the standard Alfresco documentation here, and it's also discussed on an older wiki page here, it may be confusing.  From the description on those pages, it isn't totally clear where to set all the parameters needed for IMAPS to work.

Once you have standard IMAP working, add the following two parameters to the alfresco-global.properties file or enter them on the Admin Console:

imap.server.imaps.enabled=true
imap.server.imaps.port=993

Two other parameters still need to be configured.  They don't go into the alfresco-global.properties file.  Those parameters are:

javax.net.ssl.keyStore=mySrvKeystore
javax.net.ssl.keyStorePassword=123456

The parameters are passed to the JVM so that it can find and use the SSL certificates needed for IMAPS.

If you don't already have a keystore file, you can create a test certificate as shown next.  The steps given here are for a Linux system, but similar commands can be run for a Windows server.  Note in this example that the keystore that I create uses the password MPaI43a.  The password you set when creating the keystore is the one you'll use later as the value of one of the JVM parameters.

cd /opt/alfresco-one/java/bin
rm -f imapkeystore.jks

./keytool -genkeypair -alias imapalfresco -keystore ./imapkeystore.jks -storepass MPaI43a -keypass MPaI43a -keyalg RSA -validity 999 -keysize 2048 -storetype JKS
./keytool -list -v -keystore ./imapkeystore.jks

Once the keystore file is created, the javax parameters shown above need to be passed to the JVM.  This can be done by adding them to the JAVA_OPTS setting.

For example, if you are using Tomcat on Linux, add the following to the /opt/alfresco-one/alfresco.sh file at the beginning right after "#!/bin/sh", as shown here:

#!/bin/sh

export JAVA_OPTS="${JAVA_OPTS} -Djavax.net.ssl.keyStore=/opt/alfresco-one/java/bin/imapkeystore.jks -Djavax.net.ssl.keyStorePassword=MPaI43a"

Depending on the application server that you use and how you start it, just where you need to add these JAVA_OPTS settings will differ.  If you are using Tomcat as a service in Windows, for example, you can get to the JVM settings used by Tomcat by running the program tomcat7w.exe found in the <ALFRESCO_HOME>\tomcat\bin directory.  In that setup app, you can add them to the "Java Options" area under the Java tab.  (Remember to prefix the options with a "-D".)

tomcat7w.exe //ES//AlfrescoTomcat

After making that change, restart the server and IMAPS should then be available.
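
An added example, not part of the original post: a shell preflight that checks both places the four settings live (alfresco-global.properties and the JVM options) before the restart.  The function names and the script's two arguments are assumptions of this example, and its relative-path and file-permission warnings go beyond what the post covers.

```shell
#!/bin/sh
# Added example: preflight for the two places the IMAPS settings live.
# Usage (assumed): sh imaps_preflight.sh <alfresco-global.properties> "$JAVA_OPTS"

# prop FILE KEY: print KEY's value from a properties file (last one wins).
prop() {
    awk -v k="$2" '
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          if (key == k) found = val }
        END { print found }' "$1"
}

# jvm_opt "OPTS" NAME: print the value of -DNAME=value (values without spaces).
jvm_opt() {
    for tok in $1; do
        case $tok in "-D$2="*) printf '%s\n' "${tok#-D$2=}" ;; esac
    done | tail -n 1
}

# check_imaps FILE "OPTS": return 0 only if all four settings are usable.
check_imaps() {
    rc=0
    [ "$(prop "$1" imap.server.imaps.enabled)" = true ] ||
        { echo "FAIL: imap.server.imaps.enabled=true not set in $1"; rc=1; }
    [ -n "$(prop "$1" imap.server.imaps.port)" ] ||
        { echo "FAIL: imap.server.imaps.port not set in $1"; rc=1; }
    [ -n "$(jvm_opt "$2" javax.net.ssl.keyStorePassword)" ] ||
        { echo "FAIL: -Djavax.net.ssl.keyStorePassword missing from JVM options"; rc=1; }
    ks=$(jvm_opt "$2" javax.net.ssl.keyStore)
    case $ks in
        "") echo "FAIL: -Djavax.net.ssl.keyStore missing from JVM options"; rc=1 ;;
        /*) ;;
        *)  echo "WARN: keystore path '$ks' is relative to the JVM working directory" ;;
    esac
    if [ -n "$ks" ] && [ ! -r "$ks" ]; then
        echo "FAIL: keystore $ks does not exist or is not readable"; rc=1
    elif [ -n "$ks" ] && [ "$(ls -ld "$ks" | cut -c5-10)" != "------" ]; then
        # The keystore holds the server's private key.
        echo "WARN: $ks is accessible to group/other; consider chmod 600"
    fi
    return $rc
}

if [ "$#" -eq 2 ]; then check_imaps "$1" "$2"; fi
```

Because the keystore password sits in alfresco.sh and on the JVM command line, keep that script readable only by the account that runs Alfresco.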
