SMIME ZWC Certificates: Difference between revisions

Revision as of 08:16, 3 October 2020

S/MIME certificates

   KB 24164        Last updated on 2020-10-3  






Overview:

S/MIME stands for ‘Secure/Multipurpose Internet Mail Extensions’. It is a standards-based method of public/private key encryption. S/MIME is based on asymmetric cryptography and is commonly used for email and MIME data. It enables email security features by providing encryption, authentication, message integrity and other related services. It ensures that an email message is sent by a legitimate sender and provides encryption for incoming and outgoing messages. To enable S/MIME-based communication, the sender and the receiver must each be set up with a public key and signature issued by a certificate authority (CA).

We're not going to go into great detail on what S/MIME is here, so please feel free to read the Wikipedia article for more background.

https://en.wikipedia.org/wiki/S/MIME

There are the following ways to get an S/MIME certificate.

1. Buy an S/MIME certificate from an authority such as Comodo, SSL Shopper, DigiCert, etc.

 https://ssl.comodo.com/email-smime-certificate
 https://www.digicert.com/client-certificates/
 https://www.sslshopper.com/email-certificates-smime-certificates.html

2. A few companies provide S/MIME certificates free for a year or for 30 days.

 https://www.instantssl.com/products/ssl-trial-ssl-certificate-tls
 https://www.actalis.it/products/certificates-for-secure-electronic-mail.aspx

3. Use a self-signed S/MIME certificate.

Here are the steps to generate a self-signed S/MIME certificate:

• Generate a key and set a password, which will be needed later during CSR generation.

 openssl genrsa -des3 -out cert.key 4096

• Generate the CSR. Use your email ID as the Common Name, and do not set “A challenge password”: leave it blank and just press Enter.

 openssl req -new -key cert.key -out cert.csr 

• Create the certificate by signing the CSR with the key.

 openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt

• Convert the certificate into .p12. Set an “Export Password”, which will be used when uploading the S/MIME certificate to the Zimbra web client.

 openssl pkcs12 -export -in cert.crt -inkey cert.key -name "Your Name" -out cert.p12

Note: For a self-signed S/MIME certificate, the OCSP check should be disabled. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. The setting below is a global configuration attribute (zmprov mcf), so it applies to all S/MIME certificates on the system.

 su - zimbra
 zmprov mcf zimbraSmimeOCSPEnabled FALSE
 zmprov fc all
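
A pre-upload check for the .p12 produced by the openssl steps above, as an added example that is not part of the original page or of Zimbra: it confirms that the bundle opens with the export password, that the key matches the certificate, that the Common Name is the mailbox address, and that the certificate has not expired. The function names, the sample address pk@example.test and the 2048-bit test key are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Zimbra code): sanity-check an S/MIME .p12 before upload.

# make_sample_p12 DIR EMAIL PASS: the page's four openssl steps, run
# non-interactively. Constructed test input: 2048-bit key for speed
# (the page uses 4096) and one password for both key and export.
make_sample_p12() (
    cd "$1" || exit 1
    openssl genrsa -des3 -passout "pass:$3" -out cert.key 2048 2>/dev/null &&
    openssl req -new -key cert.key -passin "pass:$3" -subj "/CN=$2" \
        -out cert.csr &&
    openssl x509 -req -days 365 -in cert.csr -signkey cert.key \
        -passin "pass:$3" -out cert.crt 2>/dev/null &&
    openssl pkcs12 -export -in cert.crt -inkey cert.key -passin "pass:$3" \
        -name "$2" -passout "pass:$3" -out cert.p12
)

# check_smime_p12 P12 EXPORT_PASS EMAIL: prints "ok" or the first failed check.
# The decrypted key stays in a shell variable and is never written to disk.
check_smime_p12() (
    # 1. The bundle opens with the export password and holds a cert and a key.
    cert=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
        2>/dev/null) || { echo "bad-password-or-file"; exit 1; }
    key=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
        2>/dev/null) || { echo "no-private-key"; exit 1; }
    # 2. The private key belongs to the certificate (same public key).
    cpub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)
    kpub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null)
    [ -n "$cpub" ] && [ "$cpub" = "$kpub" ] || { echo "key-mismatch"; exit 1; }
    # 3. The Common Name is the mailbox address, as the CSR step requires.
    subj=$(printf '%s\n' "$cert" |
        openssl x509 -noout -subject -nameopt RFC2253)
    subj=${subj#subject=}; subj=${subj# }
    case ",$subj," in
        *",CN=$3,"*) ;;
        *) echo "address-mismatch"; exit 1 ;;
    esac
    # 4. The certificate has not expired.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null ||
        { echo "expired"; exit 1; }
    echo "ok"
)

# Stand-alone use: sh check_p12.sh cert.p12 'export-password' user@example.com
if [ "$#" -eq 3 ]; then check_smime_p12 "$@"; fi
```

The `pass:` form exposes the password in the process list; on a shared host, use openssl's `env:VAR` or `file:PATH` password sources instead.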


Importing the certificate into the Zimbra Web Client (ZWC). This demo uses a free S/MIME certificate obtained from Actalis.

1. Make sure your ZCS is installed with the Network Edition of the product and that the license includes S/MIME users.

 su - zimbra
 zmlicense -p | grep SMIMEAccountsLimit

2. Check that the Zimlet com_zimbra_secureemail is enabled at the user or COS level; it is required to use S/MIME with ZWC.


Note: Disable the com_zimbra_smime zimlet, an old zimlet that is no longer used.

3. Enable the S/MIME feature from the CLI or GUI. Two lab users are used here to show S/MIME working.

 zmprov ma user@example.com zimbraFeatureSMIMEEnabled TRUE
 zmprov mc <COS NAME> zimbraFeatureSMIMEEnabled TRUE

e.g.

 zmprov ma pk@zimbrasupportlab.com zimbraFeatureSMIMEEnabled TRUE
 zmprov ma pb@zimbrasupportlab.com zimbraFeatureSMIMEEnabled TRUE


4. Upload the S/MIME certificate, purchased from any SSL provider, into the user's ZWC.


Preferences > Secure Email > Browse to certificate


 It will ask for the password of your S/MIME certificate.



Note: The same steps have to be followed for the other user to upload an S/MIME certificate.
