Knowledge Base Home

Call Support

Search the Knowledge Base

Skip to end of metadata
Go to start of metadata


Netmail Archive 5.x


The Netmail Search page won't load.  Looking at the dp.log (located in C:\Program Files (x86)\Messaging Architects\Remote Provider) to determine why the page failed to load shows that the Netmail Archive Remote Provider cannot find the keystore. This article will explain how to generate a keystore/self-signed certificate for the Remote Provider and restore access to Netmail Search.


Do the following:

  1. Open a Command Prompt
  2. Go to the location of the Java install path e.g., C:\Program Files\Java\jdk1.6.0_35\bin
  3. At a command prompt, run "keytool -keystore "C:\keystore" -alias jetty -genkey -keyalg RSA -validity 999" and provide appropriate information when prompted.

Enter "password" for the keystore password.

 C:\Program Files (x86)\Java\jre6\bin>keytool -keystore "c:\keystore" -alias jetty -genkey -keyalg RSA -validity 999
Enter keystore password:

This will be the resulting CN in the certificate file and to avoid certificate name mismatch errors, this should be the same DNS name or IP that will be used to access Netmail Search (Remote Provider).  If you use a DNS name instead of an IP address AND you use the OutlookAddin, the value of the Jexcon <server>x.x.x.x</server> should also be updated in the IISExt config.xml file to match this name.

What is your first and last name?
  [Unknown]:  x.x.x.x

The rest of the information requested by the other prompts can be anything. The information provided will not affect the functionality of the certificate, but providing relevant information makes the certificate look better, for example...

What is the name of your organizational unit?
  [Unknown]:  Remote Provider
What is the name of your organization?
  [Unknown]:  Netmail Archive
What is the name of your City or Locality?
  [Unknown]:  Montreal
What is the name of your State or Province?
  [Unknown]:  Quebec
What is the two-letter country code for this unit?
  [Unknown]:  CA
Is CN=x.x.x.x, OU=Remote Provider, O=Netmail Archive, L=Montreal, ST=Quebec, C=CA correct?
  [no]:  yes
Enter key password for <jetty>
        (RETURN if same as keystore password):


Next, edit C:\Program Files(x86)\Messaging Architects\RemoteProvider\jetty-ssl.xml to configure it for the new keystore.

<Set name="keystore">c:\keystore</Set>
<Set name="password">password</Set>
<Set name="keyPassword">password</Set>
<Set name="truststore">c:\keystore</Set>
<Set name="trustPassword">password</Set>

Save the changes and restart the AWA RemoteProvider service.


Now when the certificate is viewed, it will display nice, accurate, and relevant information.



Help us improve!
Is this article helpful?
Is it well written?
Is the content complete?

1 Comment

  1. Changing server-side certificates may result in client connections not trusting the new certificate.  

    For example, in the case of the Outlook Add-in, attempts to load the archives may result in a Security Alert screen.

    If the CA is not trusted, you need to install it:

    1. In the Security Alert screen, click on View Certificate and then Install Certificate.
    2. Place the certificate in the following store: Trusted Root Certification Authorities.