How to configure SMIME on Zimbra: Difference between revisions

No edit summary
No edit summary
Line 66: Line 66:
Composing Sign email you should now see a pull-down box offering "Don't Sign", "Sign" or "Sign and Encrypt". Here we will select “Sign”.
Composing Sign email you should now see a pull-down box offering "Don't Sign", "Sign" or "Sign and Encrypt". Here we will select “Sign”.


[[File:Smime4.png|900px]]
[[File:Smime4.png|800px]]


Recipient end you can see signed email and certificate detail:
Recipient end you can see signed email and certificate detail:
Line 74: Line 74:
Once you have sent sign public cert of sender will add in contact list and now you can sent a Sign and Encrypt email to each other.
Once you have sent sign public cert of sender will add in contact list and now you can sent a Sign and Encrypt email to each other.


[[File:Smime6.png|900px]]
[[File:Smime6.png|800px]]




Line 125: Line 125:
2. Now go to the Account '''Settings-> Security -> Digital Signing->''' Select the certificate.
2. Now go to the Account '''Settings-> Security -> Digital Signing->''' Select the certificate.


[[File:Smime13.png]]
[[File:Smime13.png|900px]]


3. You can try to compose the Digitally Sign email or Encrypt e-mail.
3. You can try to compose the Digitally Sign email or Encrypt e-mail.


[[File:Smime14.png]]
[[File:Smime14.png]]

Revision as of 10:52, 2 June 2021

How to configure S/MIME (Webmail, ZCO, IMAP, POP and Thunderbird)?


   KB 24294        Last updated on 2021-06-2  






What is S/MIME?

S/MIME is an acronym for Secure/Multipurpose Internet Mail Extensions. It refers to a type of public-key encryption and signing of MIME data (email messages) used to verify a sender's identity.

It allows you to do two things:

Assure your email recipients that YOU actually sent the email.

Send and/or receive encrypted email.


How Does S/MIME Work?

As mentioned above, S/MIME is a type of “end-to-end” encryption solution used for email messages. To be more specific, it uses asymmetric cryptography to protect emails from being read by a third party.

Sign: Digitally validate that you are the sender of a message. When signing, you use your private key to create the message's signature, and recipients use your public key to check that it is really yours.

Encrypt: Encrypt the composed message for one or more recipients. When encrypting, you use the recipients' public keys to write a message, and they use their private keys to read it.

In order to encrypt to a user, you must have previously received a signed message from that user, so that Zimbra has stored that user's public S/MIME certificate. A digital ID or digital certificate consists of a public and a private key. Your public key is shared with everyone. Your private key is kept private.


Digital signatures and end-to-end email encryption:

A digital signature only requires the sender (the signer) to have cryptographic keys (a private key and a public key). The sender signs the message locally on his or her device using the sender's private key. The receiver then verifies it on his or her device using the sender's public key. The process works as follows:

 --  Alice (sender) generates a key pair and shares her public key with Bob (a one-time prerequisite).
 --  Alice signs the message using her private key in her device and sends the message to Bob.
 --  Bob receives the signed message on his device and verifies the signature using Alice’s public key.

Smime1.png
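The Alice and Bob exchange above can be reproduced with the openssl command line. This is an added example, not part of the original article; it assumes the openssl CLI is installed, and the names, address and message are constructed. Self-signed certificates stand in for CA-issued ones, and a second key pair claiming the same identity shows why Bob checks against the certificate he already holds.

```shell
#!/bin/sh
# Added example: Alice signs, Bob verifies with his stored copy of her certificate.
# Names, address and message are constructed; self-signed certificates stand in
# for CA-issued S/MIME certificates.

mkcert() {  # mkcert <basename>: new key pair + self-signed cert naming Alice
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice/emailAddress=alice@example.com" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

sign() {    # sign <basename> <message-file> <output.eml>
    openssl smime -sign -text -in "$2" -signer "$1.crt" -inkey "$1.key" \
        -out "$3" 2>/dev/null
}

bob_verify() {  # bob_verify <message.eml> <trusted-cert>
    # Accept only if the signature is valid AND chains to the trusted certificate.
    if openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
    then echo accepted; else echo rejected; fi
}

smime_demo() {
    d=$(mktemp -d) || return 1
    # "impostor" is a different key pair that merely claims Alice's name.
    mkcert "$d/alice" && mkcert "$d/impostor" || return 1
    printf 'Meet at noon.\n' > "$d/msg.txt"
    sign "$d/alice" "$d/msg.txt" "$d/genuine.eml" || return 1
    # Same signature, altered body: the digest no longer matches.
    sed 's/Meet at noon/Meet at dusk/' "$d/genuine.eml" > "$d/tampered.eml"
    sign "$d/impostor" "$d/msg.txt" "$d/forged.eml" || return 1
    echo "genuine=$(bob_verify "$d/genuine.eml" "$d/alice.crt")" \
         "tampered=$(bob_verify "$d/tampered.eml" "$d/alice.crt")" \
         "forged=$(bob_verify "$d/forged.eml" "$d/alice.crt")"
    rm -rf "$d"
}

smime_demo
```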

Enabling S/MIME Email Encryption:

Enabling S/MIME email encryption may differ depending on the combination of webmail and email application that you use. Below are a few examples of how to set up S/MIME in different email clients and in Zimbra Webmail.

Enabling S/MIME on Zimbra Webmail:

1. This is a licensed feature: a valid S/MIME license (SMIMEAccountsLimit) must be present in the license file.

2. Obtain a valid S/MIME certificate from a certificate authority (CA); free S/MIME certificates can be used as well. When you create this certificate, its email address must exactly match the From: address you use when sending email. If there is a mismatch, S/MIME will not work.

3. You can enable this feature at the account level and at the COS level:

Account level: Edit account -> Features -> S/MIME features.

COS level: Open admin console -> Configure -> Class of Service -> Cos_name -> Features -> S/MIME features.

CLI:

$ zmprov ma account@domain.com zimbraFeatureSMIMEEnabled TRUE
$ zmprov mc cos_name zimbraFeatureSMIMEEnabled TRUE


4. In Zimbra Web Client, go to Preferences -> Zimlets, and make sure the Zimlet called "Secure Email" is enabled. You can enable the Secure Email Zimlet from the COS as well.

5. In Zimbra Web Client, go to Preferences -> Security, and upload the S/MIME cert.

Here you can see the steps:

Smime2.png

After upload it should be like this:

Smime3.png
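Step 2 requires the certificate to match the From: address exactly, so it is worth checking the certificate before uploading it. The following is an added example, not part of the original article: `check_smime_cert` is a hypothetical helper name, the certificate is assumed to be a PEM file, and the addresses are constructed. It reads the addresses with `openssl x509 -email` and reports a case-only difference separately.

```shell
#!/bin/sh
# Added example: pre-upload check for step 2 (hypothetical helper, PEM input).
# check_smime_cert <cert.pem> <from-address>  ->  ok | case-mismatch | mismatch | expired
check_smime_cert() {
    cert=$1 from=$2
    # -email lists addresses from the subject and subjectAltName, one per line.
    emails=$(openssl x509 -in "$cert" -noout -email 2>/dev/null)
    if ! printf '%s\n' "$emails" | grep -Fxq -- "$from"; then
        # Differs only in letter case: still not an exact match.
        if printf '%s\n' "$emails" | grep -Fxqi -- "$from"; then
            echo "case-mismatch"
        else
            echo "mismatch"
        fi
        return 1
    fi
    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 1
    fi
    echo "ok"
}

demo_check() {
    d=$(mktemp -d) || return 1
    # Constructed test certificate for alice@example.com (self-signed stand-in).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Alice/emailAddress=alice@example.com" \
        -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null || return 1
    for addr in alice@example.com Alice@example.com alice@example.org; do
        printf '%s: %s\n' "$addr" "$(check_smime_cert "$d/c.pem" "$addr")"
    done
    rm -rf "$d"
}

demo_check
```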

When composing a signed email, you should now see a pull-down box offering "Don't Sign", "Sign" or "Sign and Encrypt". Here we will select "Sign".

Smime4.png

On the recipient's end, you can see the signed email and the certificate details:

Smime5.png

Once you have sent a signed email, the sender's public certificate is added to the recipient's contact list, and you can now send signed and encrypted email to each other.

Smime6.png


Enabling S/MIME in Outlook (ZCO, IMAP/POP):

1. Configure a new ZCO profile and configure an account in Outlook.

2. After completing the ZCO profile, open the account and go to File -> Options -> Trust Center -> Trust Center Settings -> Email Security -> Import/Export

Smime7.png

A new window will open, where you need to browse to the certificate file and enter the password.

Smime8.png

Now you can give the name of your certificate and see the settings:

Smime9.png

Try to compose an e-mail in Outlook and you will see the "Sign" and "Encrypt" options in the Options tab:

Smime10.png

Outlook saves the sender's public certificate in the local Outlook contact list, but it does not save it automatically when someone sends you a signed e-mail; you need to save it manually. Steps to add the contact to the local Outlook contact list:

1) Open the signed e-mail message

2) Right-click on the sender's name

3) Select Add to Outlook Contacts

4) If the sender is not yet in your Contacts address book, a Contact window will appear. Enter any information you want to include.

5) Click Save and Close. This automatically adds the sender's Digital ID to your Contact address book.

6) If the sender is already in your Contacts address book, a dialog box will appear stating that a duplicate contact is detected. Click OK to update new information from this contact to the existing one.

Once you have saved the contact, it syncs with webmail as well, and you can now send a signed and encrypted email to the sender. If the contact is not saved, you will get an error when you try to send an encrypted email. You can see the saved certificate information in the contact:

Smime11.png

The steps to add a certificate and compose an email are the same for an IMAP/POP account in Outlook, except that the local contact will not sync with webmail.


Enabling S/MIME in Thunderbird e-mail client:

1. Go to Options -> Certificates -> Manage Certificates -> Import. Import the certificate here, then click OK.

Smime12.png

2. Now go to Account Settings -> Security -> Digital Signing and select the certificate.

Smime13.png

3. You can now try to compose a digitally signed or encrypted e-mail.

Smime14.png
