Cassifying Zimbra 5
CASIFYING ZIMBRA COLLABORATION SUITE 5 This document allows guiding you in the process of cassifying Zimbra Collaboration Suite 5.
Installation of the Cas Client To download the CAS Client Java 2.1.0 go to "http://www.ja-sig.org/products/cas/downloads/" Uncompresse the downloaded file: # tar xzvf cas-client-java-2.1.0.tar.gz Navigate to the casclient jar file ("/cas-client-java-2.1.0 /dist") and copy the file "casclient.jar" Go to the lib file in Jetty ("/opt/zimbra/jetty/common/lib") and paste the casclient jar file.
Configuration of the Server Zimbra Edit the file "zimbra.web.xml.in" (/opt/zimbra/jetty/etc) Add the following information after sections "<filter>" and "<filter-mapping>" and before the first section of "<servlet>" (by adapting them): //A ScreenShot is missing
Generation of the SSL_Certificate with Java Keytool
Important Note: It is necessary to delete the certificate if it already exists by using the following commands:
- keytool -delete -alias cas -keystore %JAVA_HOME%/jre/lib/security/cacerts
- Keytool -delete -alias cas -file server.cert
If you have no name of the generated certificate either that these commands do not work well, you can directly delete files ".keystore" (In the directory home of the user: "/root") and "cacerts" (In the directory "/jdk/jre/lib/security")
- rm /opt/java/jre/lib/security/cacerts
- rm /root/.keystore
Generate the certificate by the following command:
- keytool -genkey -alias cas -keypass changeit -keyalg RSA
Enter ‘changeit’ for the password Answer the list of questions. //A ScreenShot is missing
Export the certificate you generated from your personal keystore by the following command:
- keytool -export -alias cas -keypass changeit -file server.cert
Enter ‘changeit’ for the password. //A ScreenShot is missing
Import the certificate into Java's keystore with this command:
- keytool -import -alias cas -file server.cert -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts
Enter ‘changeit’ for the password. Answer by 'oui' to add the certificate to the keystore. //A ScreenShot is missing
Validation of the Certificate: Download the class "InstallCert.java" from the link: "http://blogs.sun.com/andreas/resource/InstallCert.java" (Attachements) Add the modifications put in fat by adapting them: //A ScreenShot is missing
Compile and execute the class downloaded by the commands:
- javac InstallCert.java
Launch the CAS Server and execute the following command:
- java InstallCert
//A ScreenShot is missing
Answer the composed question by typing "Enter"
//A ScreenShot is missing
Execute the zmprov command: Launch the Server Zimbra Under the user "zimbra", execute the command:
- zmprov gdpak Domaine_Name
(This will create a preAuthKey" as this one: "45a9743161d93f5c2e2194890bca9c1452e45078844ea0134e357709bf11a06f")
Note: To force the execution of the command zmprov you can add the option "-f" and the command will be: zmprov gdpak -f Domaine_Name
Configure the page "preauth.jsp" (Attachements):
Under the user "root", copy the page "preauth.jsp" in the directory: "/opt/zimbra/jetty/webapps/zimbra"
Replace the "DOMAIN_KEY" with the key which you produced with the "zmprov" in the previous stage.
//A ScreenShot is missing
Modify the following lines towards the end of the JSP page, by substituting "domaine-name" by your domain:
//A ScreenShot is missing
Restart Zimbra to identify the new "jar" and the files of configuration:
- su root
- su - zimbra
- zmcontrol stop
- zmcontrol start
Test the Cassified Zimbra’s Server: Lunch the CAS server Launch Zimbra in the Web browser with the url "http://ecm.ecmteggo.tp/zimbra/preauth.jsp" If everything is set up correctly you will be redirected to the CAS server’s login screen.File:Example.jpg