SMIME ZWC Certificates: Difference between revisions

(Created page with " S/MIME certificates' '''Overview:''' S/MIME stands for ‘Secure/Multipurpose Internet Mail Extensions’. It is a standards-based method of public/private key encrypti...")
 
No edit summary
Line 1: Line 1:
{{BC|Certified}}
__FORCETOC__
<div class="col-md-12 ibox-content">
=S/MIME certificates=
{{KB|{{ZC}}| {{ZCS 9}}| {{ZCS 8.8}}|{{ZCS 8.7}}|}}


S/MIME certificates'


=Overview:=


S/MIME stands for ‘Secure/Multipurpose Internet Mail Extensions’.  It is a standards-based method of public/private key encryption. S/MIME is based on asymmetric cryptography it is commonly used for email and MIME data.


'''Overview:'''
S/MIME enables email security features by providing encryption, authentication, message integrity and other related services.


S/MIME stands for ‘Secure/Multipurpose Internet Mail Extensions’.  It is a standards-based method of public/private key encryption. S/MIME is based on asymmetric cryptography it is commonly used for email and MIME data.
S/MIME enables email security features by providing encryption, authentication, message integrity and other related services.
It ensures that an email message is sent by a legitimate sender and provides encryption for incoming and outgoing messages.
It ensures that an email message is sent by a legitimate sender and provides encryption for incoming and outgoing messages.
To enable S/MIME based communication, the sender and receiver must be integrated with public key and signatures issued from a certificate authority (CA).  
To enable S/MIME based communication, the sender and receiver must be integrated with public key and signatures issued from a certificate authority (CA).  
We're not going to go into great detail on what S/MIME is here, so please feel free to read the Wikipedia article for more background
 
We're not going to go into great detail on what S/MIME is here, so please feel free to read the Wikipedia article for more background.
 
https://en.wikipedia.org/wiki/S/MIME
 
=These are the following ways to get a SIME/certificate.=
1. Buy a S/MIME certificate from authority like Comodo, SSLshoper , digicert etc.
 
  https://ssl.comodo.com/email-smime-certificate
        https://www.digicert.com/client-certificates/
        https://www.digicert.com/client-certificates/
        https://www.sslshopper.com/email-certificates-smime-certificates.html
 
2. There are few companies which provides S/MIME free for a year or 30 days
.
https://www.instantssl.com/products/ssl-trial-ssl-certificate-tls
https://www.actalis.it/products/certificates-for-secure-electronic-mail.aspx
 
3. Use self-signed S/MIME certificate.
 
Here are the steps to generate a self-singed SMIME certificate:
 
• Generate a key and set password which will be needed later during CSR generation.
openssl genrsa -des3 -out cert.key 4096
 
• Generate the CSR, use your email ID as Common Name while generating CSR and don’t set “A challenge passwordon” CSR and leave it blank, just press enter.
openssl req -new -key cert.key -out cert.csr
 
• Create the certificate key.
openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt
 
• Convert certificate into .p12. Set “Export Password”  which will be used during the upload of S/MIME to Zimbra web client.
openssl pkcs12 -export -in cert.crt -inkey cert.key -name "Your Name" -out cert.p12
 
=Note:= In case of self-signed S/MIME certificate, OCSP check should be disabled for a S/MIME certificate. (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. The full form is Online Certificate Status Protocol (OCSP).
 
su - zimbra
zmprov mcf zimbraSmimeOCSPEnabled FALSE
zmpro fc all
 
 
==Importing certificate into the Zimbra Web Client (ZWC). Using free S/MIME certificate which was opted from ACTALIS for a demo.==
 
1. Be sure, your ZCS is installed with Network Edition version of the product and license includes S/MIME users.
 
              su – zimbra
              zmlicense -p | grep SMIMEAccountsLimit
 
2. We need to check the Zimlet (com_zimbra_secureemail), it should be enabled on a user or COS level to use S/MIME with ZWC.

Revision as of 07:11, 3 October 2020

  1. Zimbra Tech Center
  2. Certified
  3. SMIME ZWC Certificates

S/MIME certificates

   KB 24164        Last updated on 2020-10-3  




0.00
(0 votes)


Overview:

S/MIME stands for ‘Secure/Multipurpose Internet Mail Extensions’. It is a standards-based method of public/private key encryption. S/MIME is based on asymmetric cryptography it is commonly used for email and MIME data.

S/MIME enables email security features by providing encryption, authentication, message integrity and other related services.

It ensures that an email message is sent by a legitimate sender and provides encryption for incoming and outgoing messages.

To enable S/MIME based communication, the sender and receiver must be integrated with public key and signatures issued from a certificate authority (CA).

We're not going to go into great detail on what S/MIME is here, so please feel free to read the Wikipedia article for more background.

https://en.wikipedia.org/wiki/S/MIME

These are the following ways to get a SIME/certificate.

1. Buy a S/MIME certificate from authority like Comodo, SSLshoper , digicert etc. 

  	https://ssl.comodo.com/email-smime-certificate
       https://www.digicert.com/client-certificates/
       https://www.digicert.com/client-certificates/
       https://www.sslshopper.com/email-certificates-smime-certificates.html

2. There are few companies which provides S/MIME free for a year or 30 days . 

https://www.instantssl.com/products/ssl-trial-ssl-certificate-tls
https://www.actalis.it/products/certificates-for-secure-electronic-mail.aspx

3. Use self-signed S/MIME certificate.

Here are the steps to generate a self-singed SMIME certificate:

• Generate a key and set password which will be needed later during CSR generation. 

openssl genrsa -des3 -out cert.key 4096

• Generate the CSR, use your email ID as Common Name while generating CSR and don’t set “A challenge passwordon” CSR and leave it blank, just press enter. 

openssl req -new -key cert.key -out cert.csr

• Create the certificate key. openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt

• Convert certificate into .p12. Set “Export Password” which will be used during the upload of S/MIME to Zimbra web client. openssl pkcs12 -export -in cert.crt -inkey cert.key -name "Your Name" -out cert.p12

=Note:= In case of self-signed S/MIME certificate, OCSP check should be disabled for a S/MIME certificate. (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. The full form is Online Certificate Status Protocol (OCSP).

su - zimbra zmprov mcf zimbraSmimeOCSPEnabled FALSE zmpro fc all


Importing certificate into the Zimbra Web Client (ZWC). Using free S/MIME certificate which was opted from ACTALIS for a demo.

1. Be sure, your ZCS is installed with Network Edition version of the product and license includes S/MIME users. 

              su – zimbra
              zmlicense -p | grep SMIMEAccountsLimit

2. We need to check the Zimlet (com_zimbra_secureemail), it should be enabled on a user or COS level to use S/MIME with ZWC.

Retrieved from "http://wiki.zimbra.com/index.php?title=SMIME_ZWC_Certificates&oldid=67644"
Jump to: navigation, search