Results 1 to 8 of 8

Thread: All Zimbra service SSL only

  1. #1
    Lebha is offline Intermediate Member
    Join Date
    Aug 2007
    Posts
    23
    Rep Power
    7

    Default All Zimbra service SSL only

    Hello,

    I have simple question, albeit one that has not been asked before: how do i configure all services that require authentication, i.e. move user credentials along the wire, to use SSL?

    I have already disabled clear text login to IMAP and ZWC, but how to allow e.g. webdav access via https only? What about other services that might allow clear text logins?

  2. #2
    ProTip is offline Junior Member
    Join Date
    Sep 2009
    Posts
    6
    Rep Power
    5

    Default

    You can disallow clear text logins to pop and imap under the global settings section of your administration console. For webmail, try 'zmtlsctl redirect'.

  3. #3
    Lebha is offline Intermediate Member
    Join Date
    Aug 2007
    Posts
    23
    Rep Power
    7

    Default

    Quote Originally Posted by ProTip View Post
    You can disallow clear text logins to pop and imap under the global settings section of your administration console. For webmail, try 'zmtlsctl redirect'.
    Exactly these steps I have already taken, as I tried to indicate in my original post. But my question was, what about the rest? WebDAV? LDAP? What else might there lurk that I don't even know about?

  4. #4
    veronica is offline Outstanding Member
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    The services like POP/IMAP/HTTP talk on public hence would make sense doing SSL.

    To enable SSl on LDAP change :-
    zmlocalconfig -e ldap_starttls_supported = 0 ( default is 1 )

    For enabling LDAPS following needs to be changed:-

    zmlocalconfig -e ldap_master_url = ldaps://ldapserver:636
    zmlocalconfig -e ldap_url = ldaps://replicaserver:636
    zmlocalconfig -e ldap_starttls_supported = 0
    zmlocalconfig -e ldap_port = 636

  5. #5
    Lebha is offline Intermediate Member
    Join Date
    Aug 2007
    Posts
    23
    Rep Power
    7

    Default

    Quote Originally Posted by veronica View Post
    zmlocalconfig -e ldap_master_url = ldaps://ldapserver:636
    zmlocalconfig -e ldap_url = ldaps://replicaserver:636
    zmlocalconfig -e ldap_starttls_supported = 0
    zmlocalconfig -e ldap_port = 636
    Thank you for the LDAP settings! Only remaining service I'm worried about is WebDAV. Does anybody know how to configure WebDAV to use SSL only?

  6. #6
    veronica is offline Outstanding Member
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    Did you try using : -


    https://<mailboxserver>/dav/<email>

  7. #7
    Dirk's Avatar
    Dirk is offline Moderator
    Join Date
    May 2006
    Location
    England.
    Posts
    927
    Rep Power
    10

    Default

    If you lock out the insecure ports at the firewall, you should be set. Our install only allows connections from the outside world on port 25 and 443, everything else is blocked.

    LDAP connections are only happening on the LAN and may or may not be secure, but that's currently a lower priority for me. Are you trying to ensure encryption of all traffic both internally and externally?

  8. #8
    cayaraa's Avatar
    cayaraa is offline Special Member
    Join Date
    Jul 2009
    Posts
    106
    Rep Power
    6

    Default

    I haven't looked at it yet but you might want to see if setting zimbraCalendarCalDavClearTextPasswordEnabled to false does it.

    $ zmprov gcf zimbraCalendarCalDavClearTextPasswordEnabled
    $ zmprov mcf zimbraCalendarCalDavClearTextPasswordEnabled false

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Upgrade to ZCS 5.10
    By blozancic in forum Installation
    Replies: 0
    Last Post: 10-21-2008, 08:03 AM
  2. Zimbra spam system
    By rajahd in forum Administrators
    Replies: 9
    Last Post: 04-16-2008, 07:25 PM
  3. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  4. Cleanup after many upgrades
    By tobru in forum Installation
    Replies: 1
    Last Post: 12-23-2007, 09:21 AM
  5. 3.1 on FC4 problems
    By cohnhead in forum Installation
    Replies: 8
    Last Post: 05-26-2006, 11:16 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •