SMIME ZWC Certificates: Difference between revisions
Revision as of 07:11, 3 October 2020
S/MIME certificates
Overview:
S/MIME stands for ‘Secure/Multipurpose Internet Mail Extensions’. It is a standards-based method of public/private key encryption. S/MIME is based on asymmetric cryptography and is commonly used for email and MIME data.
S/MIME enables email security features by providing encryption, authentication, message integrity and other related services.
It ensures that an email message is sent by a legitimate sender and provides encryption for incoming and outgoing messages.
To enable S/MIME-based communication, the sender and the receiver must each be set up with a public key and signatures issued by a certificate authority (CA).
We're not going to go into great detail on what S/MIME is here, so please feel free to read the Wikipedia article for more background.
https://en.wikipedia.org/wiki/S/MIME
The following are ways to get an S/MIME certificate.
1. Buy an S/MIME certificate from an authority such as Comodo, SSLShopper, DigiCert, etc.
https://ssl.comodo.com/email-smime-certificate
https://www.digicert.com/client-certificates/
https://www.sslshopper.com/email-certificates-smime-certificates.html
2. A few companies provide S/MIME certificates free for a year or 30 days.
https://www.instantssl.com/products/ssl-trial-ssl-certificate-tls
https://www.actalis.it/products/certificates-for-secure-electronic-mail.aspx
3. Use a self-signed S/MIME certificate.
Here are the steps to generate a self-signed S/MIME certificate:
• Generate a key and set a password, which will be needed later during CSR generation.
openssl genrsa -des3 -out cert.key 4096
• Generate the CSR. Use your email ID as the Common Name, and do not set “A challenge password” on the CSR; leave it blank and just press Enter.
openssl req -new -key cert.key -out cert.csr
• Create the certificate, signed with the key generated above.
openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt
• Convert the certificate into .p12. Set an “Export Password”, which will be used during the upload of the S/MIME certificate to the Zimbra web client.
openssl pkcs12 -export -in cert.crt -inkey cert.key -name "Your Name" -out cert.p12
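A check worth running on cert.p12 before uploading it, as an added example that is not part of the original page: it confirms that the export password opens the bundle, that the certificate carries the mailbox address, that it has not expired, and that the key and certificate can sign and verify a message. The function names, the address and the passwords are constructed for illustration.

```bash
# Added example, not from the original page. File names follow the page;
# the address, passwords and "Demo User" are constructed sample values.

# make_demo_p12 DIR EMAIL: the page's four steps, run non-interactively.
# A 2048-bit key keeps the demo fast; the page uses 4096.
make_demo_p12() {
  local d="$1" email="$2"
  openssl genrsa -des3 -passout pass:keypass -out "$d/cert.key" 2048 2>/dev/null &&
  openssl req -new -key "$d/cert.key" -passin pass:keypass \
    -subj "/CN=$email" -out "$d/cert.csr" &&
  openssl x509 -req -days 365 -in "$d/cert.csr" -signkey "$d/cert.key" \
    -passin pass:keypass -out "$d/cert.crt" 2>/dev/null &&
  openssl pkcs12 -export -in "$d/cert.crt" -inkey "$d/cert.key" \
    -passin pass:keypass -passout pass:exportpass -name "Demo User" -out "$d/cert.p12"
}

# check_smime_p12 P12 EXPORT_PASSWORD EMAIL
# Returns 0 if usable, 2 bad password or bundle, 3 address mismatch,
# 4 expired, 5 sign/verify round trip failed.
check_smime_p12() {
  local p12="$1" pw="$2" email="$3" t rc=0
  t=$(mktemp -d) || return 1
  { openssl pkcs12 -in "$p12" -passin "pass:$pw" -nokeys -clcerts -out "$t/c.pem" &&
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nocerts -nodes -out "$t/k.pem"
  } 2>/dev/null || rc=2
  # The address must be the Common Name (as the page sets it) or an email
  # entry in the subject or subjectAltName.
  if [ "$rc" -eq 0 ]; then
    { openssl x509 -in "$t/c.pem" -noout -subject -nameopt multiline |
        awk -F' = ' '/commonName/ {print $2}'
      openssl x509 -in "$t/c.pem" -noout -email
    } | grep -qixF "$email" || rc=3
  fi
  # Still inside its validity period.
  [ "$rc" -ne 0 ] || openssl x509 -in "$t/c.pem" -noout -checkend 0 >/dev/null || rc=4
  # Sign a test message and verify it, trusting only this certificate.
  if [ "$rc" -eq 0 ]; then
    printf 'S/MIME self-test\n' > "$t/msg.txt"
    { openssl smime -sign -in "$t/msg.txt" -signer "$t/c.pem" -inkey "$t/k.pem" \
        -out "$t/signed.eml" &&
      openssl smime -verify -in "$t/signed.eml" -CAfile "$t/c.pem" -out /dev/null
    } 2>/dev/null || rc=5
  fi
  rm -rf "$t"
  return "$rc"
}

d=$(mktemp -d) && make_demo_p12 "$d" demo.user@example.com
check_smime_p12 "$d/cert.p12" exportpass demo.user@example.com
echo "check_smime_p12 exit status: $?"
```

The unencrypted key is extracted only into a temporary directory that the function deletes before returning.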
Note: For a self-signed S/MIME certificate, the OCSP check should be disabled. OCSP (Online Certificate Status Protocol) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. Because zmprov mcf modifies the global configuration, the setting applies server-wide, not only to the self-signed certificate.
su - zimbra
zmprov mcf zimbraSmimeOCSPEnabled FALSE
zmprov fc all
Importing the certificate into the Zimbra Web Client (ZWC), using a free S/MIME certificate obtained from ACTALIS for a demo.
1. Make sure your ZCS is installed with the Network Edition of the product and that the license includes S/MIME users.
su - zimbra
zmlicense -p | grep SMIMEAccountsLimit
2. Check the Zimlet (com_zimbra_secureemail); it must be enabled at the user or COS level to use S/MIME with ZWC.