@kopanogobigred #ucs Kopano - Require client-side certificates

I need to configure client certificate requirements on my email sync

I am seeing a lot of brute force password attempts against the UCS Kopano mail server’s ActiveSync.

I was seeing it on the mail portal before, but added a google authenticator inside my reverse proxy for the URLs.

OTP is not an option on ActiveSync.

My clients are Microsoft Outlook, Windows 10 Mail, iPhone, and Android.

I am looking for setup/configuration instructions for client certificate setup.

I am currently also looking at forcing users through a per-app OpenVPN but that solution is chewing up a ton of battery on my test device and it is not very use friendly.

Hi @kopanogobigred,

there are no z-push specific requirements to ssl client cert auth, as all the auth is carried on by the webserver itself. So you only have to follow instructions on setting up client certs either for the apache webserver that UCS uses, or for your reverse proxy.