Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Z-Push Certificate Based Authentication

    Z-Push when using Kopano
    2
    2
    669
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • raphi59
      raphi59 last edited by raphi59

      Hello,

      I want to configure certificate based authentication for z-push so that only devices with a client certificate from our ca are able to synchronize via activesync.
      I tried to set the following option with the ca from a Univention server, but can still synchronize without setting a client certificate.

      // When using client certificates, we can check if the login sent matches the owner of the certificate.
      // This setting specifies the owner parameter in the certificate to look at.
      define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN");
      

      And if I’m setting a client certificate the client cannot setup the account (I cant see any errors in the z-push logs).

      Am I missing a configuration or am I making another misconfiguration?

      Manfred 1 Reply Last reply Reply Quote 0
      • Manfred
        Manfred Kopano @raphi59 last edited by

        Hi @raphi59,

        @raphi59 said in Z-Push Certificate Based Authentication:

        Hello,

        I want to configure certificate based authentication for z-push so that only devices with a client certificate from our ca are able to synchronize via activesync.
        I tried to set the following option with the ca from a Univention server, but can still synchronize without setting a client certificate.

        // When using client certificates, we can check if the login sent matches the owner of the certificate.
        // This setting specifies the owner parameter in the certificate to look at.
        define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN");
        

        In Z-Push client certificate is optional for authentication. That means that the users without a certificate will be able to login using the correct username and password. If you want to allow only users with certificates, you’ll have to do some code changes.

        And if I’m setting a client certificate the client cannot setup the account (I cant see any errors in the z-push logs).

        Am I missing a configuration or am I making another misconfiguration?

        It’s difficult to say anything without Z-Push/webserver logs. Is the auth user the same as SSL_CLIENT_S_DN_CN value?

        Manfred

        1 Reply Last reply Reply Quote 0
        • First post
          Last post