Gautam-Notes: Difference between revisions

No edit summary
No edit summary
Line 16: Line 16:
==Certificates==
==Certificates==


'''Certificate Based Auth'''
'''2-way SSL (mutual authentication) using X.509 certificates'''


Two-way SSL authentication, also commonly referred to as SSL mutual authentication, is the combination of server and client authentication.  The authentication that is occurring is mutual, or two-way, because the server is authenticating itself to the client, and the client is authenticating itself to the server.
For a server authenticating itself to the client, the client must trust the CA who signed the server's certificate.
For a client authenticating itself to the server, the server must trust the CA who signed the client's certificate.
'''Note:''' Steps and examples used below are mainly for QA and dev environment.
---
1. Create a Certificate Authority (CA) Certificate
---
1. First, we create a 1024-bit private key to use when creating our CA.
1. First, we create a 1024-bit private key to use when creating our CA.
   mkdir /tmp/cert; cd /tmp/cert
   mkdir /tmp/cert; cd /tmp/cert

Revision as of 06:39, 20 June 2011


Single Sign On

SPNEGO The SPNEGO SSO feature allows AD domain users to enter their Zimbra mailbox without having to re-authenticate themselves to Zimbra by entering their Zimbra credentials.

 HKEY_LOCAL_MACHINE\SOFTWARE\Zimbra\StorePassword = 0

SMIME


Certificates

2-way SSL (mutual authentication) using X.509 certificates

Two-way SSL authentication, also commonly referred to as SSL mutual authentication, is the combination of server and client authentication. The authentication that is occurring is mutual, or two-way, because the server is authenticating itself to the client, and the client is authenticating itself to the server.

For a server authenticating itself to the client, the client must trust the CA who signed the server's certificate.

For a client authenticating itself to the server, the server must trust the CA who signed the client's certificate.

Note: Steps and examples used below are mainly for QA and dev environment.

--- 1. Create a Certificate Authority (CA) Certificate --- 1. First, we create a 1024-bit private key to use when creating our CA.

 mkdir /tmp/cert; cd /tmp/cert
 openssl genrsa -des3 -out ca.key 1024

The pass phrase will be requested whenever you use this certificate for anything, so make sure you remember it. This will create a file called /tmp/cert/ca.key, containing our certificate authority private key.

2. Next, we create a master certificate based on this key, to use when signing other certificates:

 openssl req -config /opt/zimbra/openssl/ssl/openssl.cnf -new -x509 -days 1001 -key ca.key -out ca.cer

This will create our CA certificate and store it as /tmp/cert/ca.cer

Jump to: navigation, search