Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Installation
Reload this Page best/secure way to access webclient from web?

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 05-23-2009, 03:19 PM
Loyal Member
  
Posts: 76
Default best/secure way to access webclient from web?
Hi,
My boss just asked me to provide a laptop from which he can access his email remotely. As I already pushed him to the zimbra webclient instead of outlook (still chafes occasionally), I gather his demand translates into providing a secure access to the zimbra server's webpage.
Could SSH tunneling to the server on some high port a solution?
the ssh keys will be preloaded on the laptop (of course he hates typing/remembering passwords)
A guide or stepbystep description would also help me enormously

regards
glenn
Reply With Quote
  #2 (permalink)  
Old 05-24-2009, 12:31 AM
Moderator
  
Posts: 7,929
Default
What is wrong with HTTPS to the web client ? Alternatively you could always setup a VPN link into your LAN.
__________________
Reply With Quote
  #3 (permalink)  
Old 05-28-2009, 01:32 AM
Outstanding Member
  
Posts: 594
Default
HTTPS works in secure way. Why not use it
Reply With Quote
  #4 (permalink)  
Old 05-28-2009, 08:38 AM
Loyal Member
  
Posts: 76
Default
thank to the both of you.
I'll need to refresh my https knowledge then.
For user authentication, do I need a 3rd party certificate per user or will self-signed ones do?
Reply With Quote
  #5 (permalink)  
Old 05-28-2009, 08:49 AM
y@w y@w is offline
Moderator
  
Posts: 658
Default
That really depends upon your users' requirements. If you don't mind that they have to click a few buttons to accept a self-signed certificate warning in their browser then there's really no reason that you need to purchase a certificate and the self-signed one will do.
__________________
What a n00b!
Reply With Quote
  #6 (permalink)  
Old 05-29-2009, 12:25 AM
Loyal Member
  
Posts: 76
Default
You immediately hit the weak point! I don't mind, but THEY will!
thanks
Reply With Quote
  #7 (permalink)  
Old 05-29-2009, 12:29 AM
Moderator
  
Posts: 7,929
Default
Then get them to purchase a commercial certificate
__________________
Reply With Quote
  #8 (permalink)  
Old 06-20-2009, 11:28 AM
Loyal Member
  
Posts: 76
Default
thanks to your replies (and gentle chiding) here, the mail can now be consulted remotely.
It was surprisingly easy, albeit with extra twist courtesy of our ISP
1. ask the domain hosting co to add a cname record to the dyndns ext. name
2. add router rule forwarding a external high port to the server 443 port
(1,2 because ISP will only sell static IP and open 443 port at exorbitant high prices)
3. restart zimbra in https only mode (zmtlsctl)
4. add exceptions for selfsigned cert in firefox
5. open https://cname:highport

and presto, zimbra is here (and way over there )

Just one follow-up question:
Can I disable the automatic sending of the certificate by the server?

I'd like install the certificate manually on the laptops.
Incoming requests to the server would not get even to the login screen if the certificate is not already present on the caller's machine.

best regards
glenn
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.