How to configure SMIME on Zimbra: Difference between revisions

No edit summary
No edit summary
Line 55: Line 55:
4. In Zimbra Web Client, go to '''Preferences -> Zimlets''', and make sure the Zimlet called '''"Secure Email"''' is enabled. You can enable securemail zimlet from COS as well.
4. In Zimbra Web Client, go to '''Preferences -> Zimlets''', and make sure the Zimlet called '''"Secure Email"''' is enabled. You can enable securemail zimlet from COS as well.
5. In Zimbra Web Client, go to '''Preferences -> Security,''' and upload the S/MIME cert.
5. In Zimbra Web Client, go to '''Preferences -> Security,''' and upload the S/MIME cert.
Here you can see the steps:
[[File:Smime2.png]]

Revision as of 07:54, 2 June 2021

How to configure S/MIME(Webmail, ZCO,IMAP,POP and Thunderbird)?


   KB 24294        Last updated on 2021-06-2  




0.00
(0 votes)


What is S/MIME?

S/MIME is an acronym for Secure/Multipurpose Internet Mail Extensions. It references a type of public encryption and signing of MIME data (email messages) to verify a sender’s identity.

What it allows you to do is two things:

Ensure to your email recipients that YOU actually sent the email.

Allows the possibility of sending and/or receiving email encrypted.


How Does S/MIME Work?

As mentioned above, S/MIME is a type of “end-to-end” encryption solution used for email messages. To be more specific, it uses asymmetric cryptography to protect emails from being read by a third party.

Sign: Digitally validate that you are the sender of a message. When signing, you use your private key to write message's signature, and they use your public key to check if it's really yours.

Encrypt: encrypt the composed message for one or more recipients. When encrypting, you use their public key to write a message and they use their private key to read it.

In order to encrypt, you must have previously received a signed message from that user, such that Zimbra has stored the public S/MIME certificate for that other user. A digital id or digital certificate consists of a public and private key. Your public key is shared with everyone. Your private key is kept private.


Digital signatures and end-to-end email encryption:

A digital signature only requires the sender (the signer) to have cryptographic keys (a private key and a public key). The sender signs the message locally on his/her device (using sender’s private key). Furthermore, the receiver verifies it on his device by using sender’s public key. The process works as follows:

 --  Alice (sender) generates a key pair and shares her public key with Bob (a one-time prerequisite).
 --  Alice signs the message using her private key in her device and sends the message to Bob.
 --  Bob receives the signed message on his device and verifies the signature using Alice’s public key.

Smime1.png

Enabling S/MIME Email Encryption:

Enabling S/MIME email encryption may be different for depending on the Webmail and email application combination that you use. There are few examples of how your S/MIME control on different email client and Zimbra Webmail.

Enabling S/MIME on Zimbra Webmail:

1. This is a license feature, a valid S/MIME license(SMIMEAccountsLimit) should be present in license file.

2. Get the valid S/MIME certificate from CA authority and you can use free S/MIME certs as well. When you create this certificate, it must match exactly the From: address you use when sending email. If there is a mismatch, S/MIME will not work.

3. You can enable this feature in account level and COS level:

Account level: Edit account -> Features -> S/MIME features. COS level: Open admin console -> Configure ->Class of Service ->Cos_name ->Features -> S/MIME features.

CLI:

$ zmprov  ma account@domain.com zimbraFeatureSMIMEEnabled TRUE
$ zmprov mc cos_name zimbraFeatureSMIMEEnabled TRUE


4. In Zimbra Web Client, go to Preferences -> Zimlets, and make sure the Zimlet called "Secure Email" is enabled. You can enable securemail zimlet from COS as well. 5. In Zimbra Web Client, go to Preferences -> Security, and upload the S/MIME cert.

Here you can see the steps: Smime2.png

Jump to: navigation, search