Gautam-Notes
Single Sign On
SPNEGO The SPNEGO SSO feature allows AD domain users to enter their Zimbra mailbox without having to re-authenticate themselves to Zimbra by entering their Zimbra credentials.
- SPNEGO Configuration
- For ZCO, ensure that the Store Password HKEY is diabled
HKEY_LOCAL_MACHINE\SOFTWARE\Zimbra\StorePassword = 0
SMIME
Certificates
2-way SSL (mutual authentication) using X.509 certificates
Two-way SSL authentication, also commonly referred to as SSL mutual authentication, is the combination of server and client authentication. The authentication that is occurring is mutual, or two-way, because the server is authenticating itself to the client, and the client is authenticating itself to the server.
For a server authenticating itself to the client, the client must trust the CA who signed the server's certificate.
For a client authenticating itself to the server, the server must trust the CA who signed the client's certificate.
Note: Steps and examples used below are mainly for QA and dev environment.
--- 1. Create a Certificate Authority (CA) Certificate --- 1. First, we create a 1024-bit private key to use when creating our CA.
mkdir /tmp/cert; cd /tmp/cert openssl genrsa -des3 -out ca.key 1024
The pass phrase will be requested whenever you use this certificate for anything, so make sure you remember it. This will create a file called /tmp/cert/ca.key, containing our certificate authority private key.
2. Next, we create a master certificate based on this key, to use when signing other certificates:
openssl req -config /opt/zimbra/openssl/ssl/openssl.cnf -new -x509 -days 1001 -key ca.key -out ca.cer
This will create our CA certificate and store it as /tmp/cert/ca.cer