SSL Certificates

Revision as of 12:25, 2 October 2014 by Jorge de la Cruz (talk | contribs)

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 8.5 Article ZCS 8.5ZCS 8.0 Article ZCS 8.0


SSL Certificates

What is an SSL Certificate?

A SSL (Secure Socket Layer) certificate is a file that contains organization's details that includes also a cryptographic key. Once when we installed on a web server, the HTTPS (443 port) protocol will be used for all traffic and connections, and permit us have secure connections.

In Zimbra, for example, it's much important keep the security when users do login, and check the Email, Calendars, Contacts, Files, in a secure way.

Information inside an SSL

Inside an SSL Certificate have all the necessary information about the Company and also about the hostname or hostnames that we wants to protect: CSR (Certificate Signing Request) Summary

Subject

RDN VALUE
Common Name (CN) test.zimbra.com
Organization (O) Zimbra
Locality (L) London
State (ST) London
Country (C)

Properties

Property Value
Subject CN = test.zimbra.com,O = Zimbra,L = London,ST = London,C = GB
Key Size 2048 bits
Fingerprint (SHA-1) v2E:7E:41:27:0F:E0:D9:A8:E4:5E:68:DC:89:64:5F:A5:D0:FB:47:BF
Fingerprint (MD5) 59:1D:E9:57:7B:AE:BA:18:FE:E6:A6:CC:14:AC:C4:2C
SANS

How Does it Work?

Each SSL certificate have a key pair that contains a public key and a private key, also each SSL certificate have their own "Subject". With all of this information we can identify the Certificate and also Information about the Company has own the SSL Certificate.

Design with Root+CA+CERTIFICATE

How Does work SSL Certificate and interact with the Server?

When some user in any device attempts to access to a website that is secured trough SSL. The user browser and the web server establish and secure connection, this connection has the name "SSL Handshake", this process happens immediately for the user and is completely invisible.

Pending Draw about how connections happens

Why my Company Need an SSL Certificate?

With the increment of cyber-attacks and the data-loss Companies issues, now is most important than never have our Company totally secure, under a SSL certificate, protection all of our connections, based in Zimbra: Mail, Contacts, Calendars, Briefcase (in sometimes with critical data), etc.

How an SSL Certificate Looks in a browser?

You can easily show if the webpage that you are watching are under Secure Socket Layer (SSL) looking in the address bar, you will see something like that:

Classes of Certificates

Are some different classes of SSL Certificates, we will see all of them with Use-Cases Zimbra oriented:

  • Domain Validation (DV): Is the most simple one, we can issue it in a few minutes only with a business email account. It is compatible with almost all browsers and devices. It is not needed any Company Paperwork. It is oriented for a low cost SSL, for Small Business or regular uses. In the last Geotrust certificates for example, any data about the company appears in the SSL.
  • Organization Validation (OV): This certificate can be only issue after pass a Business check that may include Phone Call, Paperwork, etc. In a SSL Certificate will be appear the Company Information that we describes in a Information inside an SSL section.
  • Extended Validation (EV): Most know like "Green Bar". Is the highest level of authentication. The process takes some Calls, Paperwork and also Technical checks. With this SSL certificate, modern web browsers activates some security interfaces, the most popular is the Green Bar. Also you can see the name of the Company embedded with the SSL Issuer in the address bar.

Types of Certificates

Are some different types of SSL Certificates, we will see all of them with Use-Cases Zimbra oriented:

  • Self-Signed: The default SSL Certificate that
  • Standard and regular SSL: This is the most basic SSL Certificate, secure a Single Common Name. Oriented for Small Business Companies or private use. In Zimbra terms this SSL Certificate fits with a Single Server Deployment.

Pending Draw Single Server Installation

  • Extended Validation: With this SSL Certificate we can secure a Single Common Name and do it in the highest possible way. Oriented for Small Business Companies and also for Medium Business Companies that have a Single Server Deployment and wants the highest security for a SSL Certificate.

Pending Draw Single Server Installation with EV

  • Multi-Domain: This SSL Certificate protect different domains in our Company. Oriented for a Medium Business Companies that need to protect different domains. Using with Zimbra, fits in a perfect way when have Multiple Domains for Protect.

Pending Draw Single Server Installation with Multiple Domains

  • Multi-Domain EV: This SSL Certificate protect different domains in our Company. Oriented for a Medium-Large Business Companies that need to protect different domains in the highest secure way. Using with Zimbra, fits in a perfect way when have Multiple Domains for Protect.

Pending Draw Single Server Installation with Multiple Domains

  • Wildcard: With this SSL we can protect all of sub-domains of our main domain. This certificate is oriented for any type of Business that needs to protect the main domain and also all of the sub-domains. Normally this SSL Certificate fits better with an a Zimbra Single Server + Apache Web Servers, etc. An also fits well in a Multi-Server environment with many Proxies, Mailboxes and MTA's

Pending Draw Single Server Installation with Wildcard

Pending Draw Multiple Server Installation with Wildcard

Verified Against: ZCS 8.0.x & 8.5.x Date Created: 10/1/2014
Article ID: https://wiki.zimbra.com/index.php?title=SSL_Certificates Date Modified: 2014-10-02



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search