This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.

Client certificate authentication is one part of two-way SSL authentication. Two-way SSL authentication, also commonly referred to as SSL mutual authentication, is the combination of server and client authentication.

Commonly, server certificate authentication is done by the browser in an SSL connection, and client certificate authentication is optional. This document concentrates on how to do client certificate authentication in Nginx-Zimbra. This feature was introduced in ZCS 7.1 (RFE 29625).

Preparation

Generate self-signed CA and client certs

Note: For testing purposes only, in the absence of commercial certs.

You need to create a CA cert/key pair and a client cert/key pair.

```
/opt/zimbra/openssl/bin/openssl genrsa -out CA.key 2048
/opt/zimbra/openssl/bin/openssl req -new -key CA.key -x509 -days 3650 -out CA.crt
/opt/zimbra/openssl/bin/openssl genrsa -out user1.key 2048
/opt/zimbra/openssl/bin/openssl req -new -key user1.key -out user1.csr
```

Example output. At the "Email Address" section, enter the username who needs to be authenticated using the cert.

```
Organizational Unit Name (eg, section) :Support
Common Name (eg, your name or your server's hostname) :
```

Import the CA.crt to zimbraReverseProxyClientCertCA using the libexec/zmclientcertmgr command. For a client to authenticate itself to the server, the server must trust the CA that signed the client's certificate. Therefore the server side (nginx) has to know the CA, and the browser has to send the client cert to the server and let the server check its validity.

If using self-signed certs, import the CA.crt file that was generated in the "Preparation" section 1A.

```
/opt/zimbra/libexec/zmclientcertmgr savecrt global
```

If using commercial certs, you need to import your CA's root cert.

Important Note: Due to Bug #98410, the zmclientcertmgr script is not able to import the content of CA.crt to zimbraReverseProxyClientCertCA. Use the following command as a workaround until the bug is fixed.

```
zmprov -m -l - mcf zimbraReverseProxyClientCertCA "$content"
```

Add the nginx server's IP address to zimbraReverseProxyAdminIPAddress. In this way, the Nginx Lookup Handler will know that the lookup request comes from a valid nginx. Otherwise, Nginx Lookup will always return "login failed", and nginx returns a "403 Forbidden" error.