If you compiled Open-Xchange with the SSL flag turned on, your server components will communicate in a secure way.
Attention: this has nothing to do with the encryption between your browser and the web server (e.g. Apache).
The problem is that you have to provide the key files and certificate files which the components use to communicate, plus a CA file.
A Certificate Authority (CA) signs your certificate file; this is useful for authentication purposes. CAs are independent: they check your identity and sign your certificate. Third parties can then check whether you are who you claim to be by verifying your certificate against the CA certificate.
1. The problem is that you have to pay for this service.
2. Or join the http://cacert.org community, which is a movement for the freedom of privacy/security, and get free certificates there.
3. But you can also be your own CA.
The key file for the session server: /etc/sessiond/certs/sessiondkey.pem
The certificate file for the session server: /etc/sessiond/certs/sessiondcert.pem
The key file for the groupware: /etc/sessiond/certs/groupwarekey.pem
The certificate file for the groupware: /etc/sessiond/certs/groupwarecert.pem
plus:
SuSEWebcert.pem
suadcert.pem
SuSEWebkey.pem
suadkey.pem
in the same directory.
And finally the CA certificate: /etc/sessiond/cacert.pem
HowTo Create Certs and Keys
Create a directory of your choice:
mkdir /tmp/ox_ssl
cd /tmp/ox_ssl
First we create our CA:
/usr/share/ssl/misc/CA.pl -newca
Enter the password (1) for your CA. Answer the questions as you like, or just press Enter to use the defaults.
Now we will create the request for Open-Xchange itself:
/usr/share/ssl/misc/CA.pl -newreq
Remember the password (2) for this key; we need it later.
/usr/share/ssl/misc/CA.pl -sign
You will be asked for a password; enter the password (1) of the CA.
Now we need to remove the password from the key file, or Open-Xchange won't work, because it cannot enter the password.
openssl rsa < newreq.pem >newkey.pem
You will be asked for a password; enter the password (2) of the key.
Now that we have generated everything, we will put the files into the right places.
cp demoCA/cacert.pem /etc/sessiond/cacert.pem
cp newkey.pem /etc/sessiond/certs/groupwarekey.pem
cp newkey.pem /etc/sessiond/certs/sessiondkey.pem
cp newcert.pem /etc/sessiond/certs/groupwarecert.pem
cp newcert.pem /etc/sessiond/certs/sessiondcert.pem
cp newcert.pem /etc/sessiond/certs/SuSEWebcert.pem
cp newcert.pem /etc/sessiond/certs/suadcert.pem
cp newkey.pem /etc/sessiond/certs/SuSEWebkey.pem
cp newkey.pem /etc/sessiond/certs/suadkey.pem
Now you should remove the temporary directory.
After that restart Open-Xchange – it should work.
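The following shell functions are an added example, not part of the original howto: check_pair tests the properties the steps above depend on (certificate signed by the CA, key without a password, key matching the certificate). check_pair and make_demo are hypothetical helper names, make_demo builds constructed throwaway test data with openssl directly rather than CA.pl, and the world-readable test is an added assumption, since an unencrypted key is protected only by its file permissions.

```shell
#!/bin/sh
# Added example: sanity-check a CA / certificate / key triple.
# check_pair CAFILE CERTFILE KEYFILE -> prints findings, returns 0 if all pass
check_pair() {
    ca=$1 cert=$2 key=$3 rc=0
    # 1. The certificate must be signed by the CA the components are given.
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: $cert is not signed by $ca"; rc=1; }
    # 2. The key must carry no password (the daemons cannot type one).
    if grep -q -e 'ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' \
            "$key" 2>/dev/null; then
        echo "FAIL: $key is still password-protected"; rc=1
    # 3. The key must belong to the certificate: compare the RSA moduli.
    elif ! km=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) ||
         [ "$km" != "$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null)" ]
    then
        echo "FAIL: $key is not an RSA key matching $cert"; rc=1
    fi
    # 4. Assumption: an unencrypted key should not be world-readable.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $key is world-readable"; rc=1
    fi
    return $rc
}

# make_demo DIR: constructed test data only. Builds a throwaway CA, a signed
# certificate, the password-protected key and its password-free copy.
make_demo() (
    d=$1; umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -passout pass:secret2 -subj "/CN=ox.example" \
        -keyout "$d/enckey.pem" -out "$d/req.pem" 2>/dev/null
    openssl x509 -req -in "$d/req.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 1 \
        -out "$d/newcert.pem" 2>/dev/null
    openssl rsa -in "$d/enckey.pem" -passin pass:secret2 \
        -out "$d/newkey.pem" 2>/dev/null
)

# Usage: sh check.sh demoCA/cacert.pem newcert.pem newkey.pem
if [ $# -eq 3 ]; then check_pair "$@"; fi
```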