Gautam-Notes: Difference between revisions
Revision as of 06:39, 20 June 2011
Single Sign On
SPNEGO
The SPNEGO SSO feature allows AD domain users to enter their Zimbra mailbox without having to re-authenticate themselves to Zimbra by entering their Zimbra credentials.
- SPNEGO Configuration
- For ZCO, ensure that the Store Password HKEY is disabled:
HKEY_LOCAL_MACHINE\SOFTWARE\Zimbra\StorePassword = 0
SMIME
Certificates
2-way SSL (mutual authentication) using X.509 certificates
Two-way SSL authentication, also commonly referred to as SSL mutual authentication, is the combination of server and client authentication. The authentication that is occurring is mutual, or two-way, because the server is authenticating itself to the client, and the client is authenticating itself to the server.
For a server authenticating itself to the client, the client must trust the CA who signed the server's certificate.
For a client authenticating itself to the server, the server must trust the CA who signed the client's certificate.
Note: The steps and examples used below are mainly for QA and dev environments.
---
1. Create a Certificate Authority (CA) Certificate
---
1. First, we create a 1024-bit private key to use when creating our CA.
mkdir /tmp/cert; cd /tmp/cert
openssl genrsa -des3 -out ca.key 1024
The command prompts for a pass phrase, which will be requested whenever you use this key for anything, so make sure you remember it. This will create a file called /tmp/cert/ca.key, containing our certificate authority private key.
2. Next, we create a master certificate based on this key, to use when signing other certificates:
openssl req -config /opt/zimbra/openssl/ssl/openssl.cnf -new -x509 -days 1001 -key ca.key -out ca.cer
This will create our CA certificate and store it as /tmp/cert/ca.cer.
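The trust rule stated above (each side accepts a peer only if the peer's certificate chains to a CA it trusts), as an added shell example that is not part of the original notes: it builds two scratch CAs non-interactively, signs a server and a client certificate with one of them, and uses openssl verify to show that a certificate signed by the other CA is rejected. The file names, CN values, inline config file and the unencrypted 2048-bit keys are assumptions of this example.

```shell
#!/bin/sh
# Added example: scratch CAs and leaf certificates. All names are constructed.
set -e

# write_cnf DIR: minimal request config, so nothing depends on a system openssl.cnf.
write_cnf() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca_ext' \
        '[dn]' '[ca_ext]' 'basicConstraints=critical,CA:TRUE' > "$1/req.cnf"
}

# new_ca DIR NAME: self-signed CA certificate. The key is unencrypted and
# 2048-bit (assumptions of this example; the page uses -des3 and 1024 bits).
new_ca() {
    openssl req -config "$1/req.cnf" -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.cer" 2>/dev/null
}

# issue DIR CA NAME: key and CSR for NAME, then a certificate signed by CA.
issue() {
    openssl req -config "$1/req.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.cer" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.cer" 2>/dev/null
}

# trusts CAFILE CERT: succeeds only when CERT chains to the CA in CAFILE.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints which certificates a peer that trusts only qa-ca would accept.
mutual_trust_demo() {
    d=$(mktemp -d)
    write_cnf "$d"
    new_ca "$d" qa-ca
    new_ca "$d" other-ca
    issue "$d" qa-ca server
    issue "$d" qa-ca client
    issue "$d" other-ca stranger
    result=""
    trusts "$d/qa-ca.cer" "$d/server.cer" && result="${result}server=ok "
    trusts "$d/qa-ca.cer" "$d/client.cer" && result="${result}client=ok "
    trusts "$d/qa-ca.cer" "$d/stranger.cer" || result="${result}stranger=rejected"
    rm -rf "$d"
    echo "$result"
}

mutual_trust_demo
```

In a two-way SSL setup the same check runs in both directions: the client verifies server.cer against its trusted CA file, and the server verifies client.cer against its own.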