We have finally found a work around. We did everything from the command line with the poorly documented zmcertmgr. The following is adapted from our internal documentation:
We can try to do this from the command line as root:
cd /opt/zimbra/bin
[root@smtp bin]# ./zmcertmgr createcsr comm -new "/C=US/O=MyCompany/OU=MailServers/CN=smtp.mycompany.com" -subjectAltNames "smtp.mycompany.com,smtp"
The CSR is stored in /opt/zimbra/ssl/zimbra/commercial/commercial.csr
Copy it to the configurating computer so we can generate the cert.
Edit the request in the CA as it does not appear the SubjAltName fields actually make it into the CSR.
Copy the new cert and the CA.pem file to root's home directory on the server. The do as root:
cd /opt/zimbra/bin
./zmcertmgr deploycrt comm ~/smtp.pem ~/CA.pem
It isn't a fix but it is a workaround. Hope this helps - John |