...
ROOT Certificate Authority (CA) <---------------------------- First (required)
example 3rd party CA <---------------------------- Second (required)
example Intermediate CA <---------------------------- Third (required)
Your SSL certificate
...
Adding a Custom SSL certificates
The following shows how to get the certificate chain for a given SSL service. There are two approaches, the first is automated, if there are problems, a manual approach is also given (linux oriented) if you use windows, ask your network administrator for the certificate chain.
...
JAVA Default CA Chain, this lists at last count around 87 CA's that are included in the JAVA runtime (cacerts) file, these are sufficient for most 'global' services, eg gmail.
User Supplied CA Chain, this selects one of the previously created CA chains. When a given chain is selected, only the CA's therein are used (global CA list is not included)
Trust All Certificates, this is for diagnosis only. Trusting ALL remote SSL certificates opens up the possibility (unlikely but possible!) of a man-in-the-middle attack to expose your traffic between JEMHC and your mail server.
After selecting the User Supplied CA Chain option, a further select is then available for the SSL Certificate Chain:
Once the CA chain has been selected (1) , the connection can be tested (2), resulting in some brief information on waiting messages:
messages