Gautam-Notes: Difference between revisions
No edit summary |
No edit summary |
||
| Line 12: | Line 12: | ||
'''SMIME''' | '''SMIME''' | ||
==Certificates== | |||
'''Certificate Based Auth''' | |||
1. First, we create a 1024-bit private key to use when creating our CA. | |||
mkdir /tmp/cert; cd /tmp/cert | |||
openssl genrsa -des3 -out ca.key 1024 | |||
The pass phrase will be requested whenever you use this certificate for anything, so make sure you remember it. This will create a file called /tmp/cert/ca.key, containing our certificate authority private key. | |||
2. Next, we create a master certificate based on this key, to use when signing other certificates: | |||
openssl req -config /opt/zimbra/openssl/ssl/openssl.cnf -new -x509 -days 1001 -key ca.key -out ca.cer | |||
This will create our CA certificate and store it as /tmp/cert/ca.cer | |||
Revision as of 05:43, 20 June 2011
- This article is a Work in Progress, and may be unfinished or missing sections.
Single Sign On
SPNEGO The SPNEGO SSO feature allows AD domain users to enter their Zimbra mailbox without having to re-authenticate themselves to Zimbra by entering their Zimbra credentials.
- SPNEGO Configuration
- For ZCO, ensure that the Store Password HKEY is diabled
HKEY_LOCAL_MACHINE\SOFTWARE\Zimbra\StorePassword = 0
SMIME
Certificates
Certificate Based Auth
1. First, we create a 1024-bit private key to use when creating our CA.
mkdir /tmp/cert; cd /tmp/cert openssl genrsa -des3 -out ca.key 1024
The pass phrase will be requested whenever you use this certificate for anything, so make sure you remember it. This will create a file called /tmp/cert/ca.key, containing our certificate authority private key.
2. Next, we create a master certificate based on this key, to use when signing other certificates:
openssl req -config /opt/zimbra/openssl/ssl/openssl.cnf -new -x509 -days 1001 -key ca.key -out ca.cer
This will create our CA certificate and store it as /tmp/cert/ca.cer
