
Thread: User Certificate Authentication

  1. #1


    I want to set up 2-way SSL (mutual authentication) using X.509 certificates, so I followed the guide from here:

    Gautam-Notes - Zimbra :: Wiki

    except that I already had my own CA and User certificate signed with that CA.

    I added the CA via scp to the server and used
    /opt/zimbra/bin/zmcertmgr addcacert <certfile>
    to add it to the trusted CAs

    When I go to, I can select my user certificate and the 2 way SSL handshake seems to work. However, I end up with an error 403.

    I understand it as "the SSL handshake is correct but the user is not found in the database"

    However, when I read this I cannot find the problem:

    - Now the handshake and the "authentication" of user is complete.
    ZCS will do the "authorization" by looking up the user in ZCS's directory.
    Currently ZCS uses the EMAILADDRESS field of the subject in the client certificate
    as the only lookup key. If the value of EMAILADDRESS matches a Zimbra user's
    primary email address or one of the aliases and the account is in a state good for
    logging in, the user will be let in.

    My user certificate has the correct emailAddress field in Subject.

    Is there any extension required for the client certificate to be able to be authenticated by Zimbra?

    Thanks for your help. I feel I'm close to the goal but I'm missing the last step.

  2. #2

    I forgot to say that my Zimbra version is at the moment 8.0.7.GA.6021.UBUNTU12.64 FOSS.
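
A way to check the precondition in the quoted guide text, as an added example that is not part of the original thread or of the Zimbra guide: it reports whether a certificate carries its address as the emailAddress attribute of the Subject DN or only as an rfc822Name entry in subjectAltName. The two certificates, the file names and the addresses are constructed test values, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. WORKDIR, the certificate names and the addresses below are
# constructed sample values, not taken from the thread.
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# Print the emailAddress attribute(s) of the Subject DN only.
# "-nameopt multiline" prints one attribute per line with control characters
# escaped, so the value can be picked out without splitting on commas.
subject_email() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *emailAddress *= //p'
}

# Print the rfc822Name (email:) entries of the subjectAltName extension.
# Prints nothing when the certificate has no such extension.
san_emails() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *email://p'
}

# Create a throwaway self-signed certificate.
# $1 = file stem, $2 = subject, $3 = optional subjectAltName value
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
        ${3:+-addext} ${3:+"subjectAltName=$3"} \
        -keyout "$WORKDIR/$1.key" -out "$WORKDIR/$1.pem" 2>/dev/null
}

# Case 1: address in the Subject DN. Case 2: address only in subjectAltName.
make_cert in_subject  "/CN=alice/emailAddress=alice@example.com"
make_cert in_san_only "/CN=bob" "email:bob@example.com"

for c in in_subject in_san_only; do
    printf '%s: subject emailAddress=[%s] SAN email=[%s]\n' "$c" \
        "$(subject_email "$WORKDIR/$c.pem")" "$(san_emails "$WORKDIR/$c.pem")"
done
```

Running `subject_email` against the real client certificate shows the exact string that would be compared with the account's primary address or aliases.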
