|
|
(20 intermediate revisions by one other user not shown) |
Line 1: |
Line 1: |
| {{WIP}}
| | #REDIRECT [[Client_Cert_Auth_using_X.509_certificates]] |
| | |
| __TOC__
| |
| | |
| ==Single Sign On==
| |
| | |
| '''SPNEGO'''
| |
| The SPNEGO SSO feature allows AD domain users to enter their Zimbra mailbox without having to re-authenticate themselves to Zimbra by entering their Zimbra credentials.
| |
| * [http://www.zimbra.com/docs/ne/latest/administration_guide/wwhelp/wwhimpl/js/html/wwhelp.htm#href=NE_Admin_Guide_7_0.Appendix%20B%20Configuring%20SPNEGO%20Single%20Sign-On%20for%20ZCS.html SPNEGO Configuration]
| |
| * For ZCO, ensure that the Store Password HKEY is diabled
| |
| HKEY_LOCAL_MACHINE\SOFTWARE\Zimbra\StorePassword = 0
| |
| | |
| '''SMIME'''
| |
| | |
| | |
| ==Certificates==
| |
| | |
| '''Certificate Based Auth'''
| |
| | |
| 1. First, we create a 1024-bit private key to use when creating our CA.
| |
| mkdir /tmp/cert; cd /tmp/cert
| |
| openssl genrsa -des3 -out ca.key 1024
| |
| | |
| The pass phrase will be requested whenever you use this certificate for anything, so make sure you remember it. This will create a file called /tmp/cert/ca.key, containing our certificate authority private key.
| |
| | |
| 2. Next, we create a master certificate based on this key, to use when signing other certificates:
| |
| openssl req -config /opt/zimbra/openssl/ssl/openssl.cnf -new -x509 -days 1001 -key ca.key -out ca.cer
| |
| | |
| This will create our CA certificate and store it as /tmp/cert/ca.cer
| |