Difference between revisions of "Zimbra S/MIME Encryption"
(Zimbra S/MIME SMIME) |
(→Using S/MIME In Zimbra) |
||
(6 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
− | S/MIME is a method of signing and encrypting email. It is conceptually similar to | + | S/MIME is a method of signing and encrypting email. It is conceptually similar to [http://en.wikipedia.org/wiki/Pretty_Good_Privacy PGP]/[http://en.wikipedia.org/wiki/GNU_Privacy_Guard GnuPG], but using SSL certificates. Zimbra natively supports S/MIME in the browser interface. |
+ | |||
+ | Email information sent via S/MIME is stored encrypted at rest on the remote mail server and can only be decrypted by utilizing the recipients public PGP key. | ||
+ | |||
+ | XMission's [https://xmission.com/zimbra Zimbra] email service supports S/MIME in the webmail interface. | ||
''JAVA DISCLAIMER:'' - S/MIME uses a Java applet, this means end-users need working Java, which will take effort since many manufacturers, software applications, and Operating Systems, have all had rounds of disabling Java everywhere | ''JAVA DISCLAIMER:'' - S/MIME uses a Java applet, this means end-users need working Java, which will take effort since many manufacturers, software applications, and Operating Systems, have all had rounds of disabling Java everywhere | ||
− | |||
== S/MIME Certificates == | == S/MIME Certificates == | ||
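Review bot: the sentence added to the Introduction says S/MIME mail "can only be decrypted by utilizing the recipients public PGP key", which mixes up two things. S/MIME uses X.509 (SSL) certificates, not PGP keys, as the preceding sentence of the same paragraph already says. Decryption also requires the recipient's private key; the public key in the certificate is what the sender encrypts to. Suggest rewording along the lines of "can only be decrypted with the recipient's private key", which also fixes the missing apostrophe in "recipients".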
Line 22: | Line 25: | ||
** See: http://www.zimbra.com/forums/users/56471-secureemail-_signmessage.html | ** See: http://www.zimbra.com/forums/users/56471-secureemail-_signmessage.html | ||
− | |||
− | The "S/MIME" feature must be enabled by XMission staff for accounts. | + | == Contact XMission to Enable S/MIME for the Mailbox Account == |
+ | |||
+ | The "S/MIME" feature must be enabled by XMission staff for accounts. XMission only enables by account actively requiring S/MIME support. | ||
== Using S/MIME In Zimbra == | == Using S/MIME In Zimbra == | ||
− | Once the certificate is installed in the user's browser and S/MIME is enabled on the account, the user can begin using S/MIME. | + | Once the certificate is installed in the user's browser and S/MIME is enabled on the account, the user can begin using S/MIME. |
+ | |||
+ | S/MIME makes use of Java and that the client certificate needs to be installed at the time that Zimbra loads. If you add a certificate to your browser's store, reload Zimbra for it to pick it up. | ||
When sending a message, there will now be a security button on the toolbar. The user can use this button to sign or encrypt any given message. The default action can be changed in Preferences -> Mail -> Security. They can also view what certificates Zimbra detects in their browser from the Security Preferences pane. | When sending a message, there will now be a security button on the toolbar. The user can use this button to sign or encrypt any given message. The default action can be changed in Preferences -> Mail -> Security. They can also view what certificates Zimbra detects in their browser from the Security Preferences pane. | ||
− | There needs to be a certificate for every email address | + | XMission Zimbra accounts can send encrypted messages to recipients only if they have the recipients’ public-key certificate stored in one of the following: |
+ | |||
+ | * recipient’s contact in their Address Book | ||
+ | * local OS or browser keystore | ||
+ | * external LDAP directory | ||
+ | |||
+ | Important Note: | ||
+ | |||
+ | There needs to be a certificate for every email address a sender needs to send signed or encrypted email from. In other words, if they have a cert for user@example.com, but not alias@example.com, they can't send signed or encrypted mail when sending from the alias address. | ||
+ | |||
+ | The S/MIME feature has to be activated by XMission per account. It is not enabled by default. Please email requests to support@xmission.com. | ||
+ | |||
+ | The [http://www.zimbra.com/downloads/zimbra-desktop Zimbra Desktop] application does not support S/MIME encryption, only the webmail interface. | ||
+ | [[Category:Zimbra|S/MIME Encryption]] |
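Review bot: the enablement requirement is now stated twice in this hunk, once under the new "Contact XMission to Enable S/MIME for the Mailbox Account" heading and again in "The S/MIME feature has to be activated by XMission per account". Keep one of them, preferably the one that carries the support@xmission.com address. Two added sentences also need a wording pass: "S/MIME makes use of Java and that the client certificate needs to be installed..." has lost its opening clause (probably "Note that"), and "XMission only enables by account actively requiring S/MIME support" does not parse as written.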
Latest revision as of 13:01, 6 January 2015
Introduction
S/MIME is a method of signing and encrypting email. It is conceptually similar to PGP/GnuPG, but using SSL certificates. Zimbra natively supports S/MIME in the browser interface.
Email information sent via S/MIME is stored encrypted at rest on the remote mail server and can only be decrypted by utilizing the recipient's public PGP key.
XMission's Zimbra email service supports S/MIME in the webmail interface.
JAVA DISCLAIMER: S/MIME uses a Java applet. This means end-users need working Java, which will take effort, since many manufacturers, software applications, and operating systems have all had rounds of disabling Java everywhere.
S/MIME Certificates
S/MIME requires an SSL certificate.
Free browser certificates can be had at StartSSL. Mozilla also has a list of free S/MIME certificate providers: http://kb.mozillazine.org/Getting_an_SMIME_certificate.
The S/MIME certificate should be both installed into the user's browser and backed up to a safe location. Firefox has its own certificate management, while other browsers generally use the operating system's cert management.
- Firefox: http://kb.mozillazine.org/Installing_an_SMIME_certificate
- Windows: http://support.microsoft.com/kb/823503
- Mac OS X: http://arstechnica.com/apple/2011/10/secure-your-e-mail-under-mac-os-x-and-ios-5-with-smime/
  - OS X users may need to update/install Java directly from Oracle.
- Linux: http://code.google.com/p/chromium/wiki/LinuxCertManagement
  - Linux isn't officially supported by Zimbra, and, though I've only spent limited effort, I haven't had any luck getting it to work on Linux. YMMV, and I expect it can't be made to work in the current version.
    - See: http://www.zimbra.com/forums/users/56471-secureemail-_signmessage.html
Contact XMission to Enable S/MIME for the Mailbox Account
The "S/MIME" feature must be enabled by XMission staff for accounts. XMission enables it only per account, for accounts actively requiring S/MIME support.
Using S/MIME In Zimbra
Once the certificate is installed in the user's browser and S/MIME is enabled on the account, the user can begin using S/MIME.
Note that S/MIME makes use of Java and that the client certificate needs to be installed at the time that Zimbra loads. If you add a certificate to your browser's store, reload Zimbra for it to pick it up.
When sending a message, there will now be a security button on the toolbar. The user can use this button to sign or encrypt any given message. The default action can be changed in Preferences -> Mail -> Security. They can also view what certificates Zimbra detects in their browser from the Security Preferences pane.
XMission Zimbra accounts can send encrypted messages to recipients only if they have the recipients’ public-key certificate stored in one of the following:
- recipient’s contact in their Address Book
- local OS or browser keystore
- external LDAP directory
Important Note:
There needs to be a certificate for every email address a sender needs to send signed or encrypted email from. In other words, if they have a cert for user@example.com, but not alias@example.com, they can't send signed or encrypted mail when sending from the alias address.
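One way to check ahead of time which sender addresses a certificate covers, using the `openssl` command line. This is an added example, not part of the original page or of Zimbra; the function names are hypothetical and the sample certificate is a throwaway self-signed one constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: check which sender addresses an S/MIME certificate covers.
# Function names are hypothetical; the sample certificate is constructed.

# cert_covers CERT_PEM ADDRESS: succeeds if the certificate lists ADDRESS.
cert_covers() {
    local cert=$1 addr
    addr=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    # "openssl x509 -email" prints each email address in the certificate,
    # one per line. Comparison is case-insensitive (an assumption that
    # matches how most mail systems treat addresses).
    openssl x509 -in "$cert" -noout -email 2>/dev/null \
        | tr '[:upper:]' '[:lower:]' \
        | grep -Fxq -- "$addr"
}

# uncovered_senders CERT_PEM ADDRESS...: prints every address that the
# certificate does NOT cover, i.e. identities that cannot sign mail with it.
uncovered_senders() {
    local cert=$1 a
    shift
    for a in "$@"; do
        cert_covers "$cert" "$a" || printf '%s\n' "$a"
    done
}

# make_sample_cert DIR ADDRESS: writes DIR/cert.pem, a throwaway
# self-signed certificate for ADDRESS (constructed test input only).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Sample User" -addext "subjectAltName=email:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Demo with the addresses used in the text above.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" user@example.com
echo "Addresses without a matching certificate:"
uncovered_senders "$demo_dir/cert.pem" user@example.com alias@example.com
rm -rf "$demo_dir"
```

Run `uncovered_senders` against the PEM export of the certificate installed in the browser, passing every address and alias the account sends from.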
The S/MIME feature has to be activated by XMission per account. It is not enabled by default. Please email requests to support@xmission.com.
The Zimbra Desktop application does not support S/MIME encryption; only the webmail interface does.