Gautam-Notes: Difference between revisions
No edit summary |
No edit summary |
||
Line 12: | Line 12: | ||
'''SMIME''' | '''SMIME''' | ||
==Certificates== | |||
'''Certificate Based Auth''' | |||
1. First, we create a 1024-bit private key to use when creating our CA. | |||
mkdir /tmp/cert; cd /tmp/cert | |||
openssl genrsa -des3 -out ca.key 1024 | |||
The pass phrase will be requested whenever you use this certificate for anything, so make sure you remember it. This will create a file called /tmp/cert/ca.key, containing our certificate authority private key. | |||
2. Next, we create a master certificate based on this key, to use when signing other certificates: | |||
openssl req -config /opt/zimbra/openssl/ssl/openssl.cnf -new -x509 -days 1001 -key ca.key -out ca.cer | |||
This will create our CA certificate and store it as /tmp/cert/ca.cer |
Revision as of 05:43, 20 June 2011
Single Sign On
SPNEGO The SPNEGO SSO feature allows AD domain users to enter their Zimbra mailbox without having to re-authenticate themselves to Zimbra by entering their Zimbra credentials.
- SPNEGO Configuration
- For ZCO, ensure that the Store Password HKEY is diabled
HKEY_LOCAL_MACHINE\SOFTWARE\Zimbra\StorePassword = 0
SMIME
Certificates
Certificate Based Auth
1. First, we create a 1024-bit private key to use when creating our CA.
mkdir /tmp/cert; cd /tmp/cert openssl genrsa -des3 -out ca.key 1024
The pass phrase will be requested whenever you use this certificate for anything, so make sure you remember it. This will create a file called /tmp/cert/ca.key, containing our certificate authority private key.
2. Next, we create a master certificate based on this key, to use when signing other certificates:
openssl req -config /opt/zimbra/openssl/ssl/openssl.cnf -new -x509 -days 1001 -key ca.key -out ca.cer
This will create our CA certificate and store it as /tmp/cert/ca.cer