This post assumes you have installed a valid SSL certificate on your web server. You can obtain a certificate from CACert.org. If you use this certificate provider, make sure you import their class 1 and class 3 root certificates in your Trusted Root Certification Authorities store.
You don’t want your users to access their Zarafa webmail over a plain HTTP connection. Instead of that you want to force them to use a HTTPS. You can accomplish this by altering the .htaccess file of /webapp/ and /webaccess/. Just add the following lines to .htacces:
SSLOptions +StrictRequire SSLRequireSSL ErrorDocument 403 "https://yourhost/webaccess/"
Make sure you alter ‘yourhost’ to your own domain and make sure you change webbaccess into webapp if you alter the .htaccess in the webapp folder.