Thread: Issue sharing Address Books with Tomcat Commercial Cert SSL
View Single Post
  #3 (permalink)  
Old 03-25-2007, 10:40 PM
airbish airbish is offline
Member
  
Posts: 12
Default -tail of mail.log when trying to access shared calendar.
Looks like something is up with the root-->intermediate1->intermediate2 (no documentation whatsoever) enom/sbs cert.

The Strange thing is that all other aspects of the ssl communications (at least login/web and IMAP) with this cert seem to work ok. Firefox for example issues no cert warnings (or store and certs like it does with the self signed cert). Mail.app has no issues with it either. If it truly is an untrusted cert chain (like mail.log) indicates below, would there be other issues/indications?

Any ideas? Anyone else done an SBS (securebusinessservices) cert?

The only docs I could find were here:

http://www.securebusinessservices.co...icate-java.asp

I did all the instructions (including extracting the key and installing for the other services) from the zimbra commercial cert instructions at:

http://wiki.zimbra.com/index.php?tit...cate_Procedure

I hosed it up once because I didn't know there was an intermediate cert (much less two) required. I backed up the certs and ssl info (using the tar commands on the same page above.) I did the backups just AFTER I did the csr request. Perhaps I got the recovery of that information wrong when I restored it to try over. ?

Thanks for your assistance.

---

[root@zimbra log]# tail mailbox.log
at org.apache.commons.httpclient.HttpClient.executeMe thod(HttpClient.java:324)
at com.zimbra.soap.SoapHttpTransport.invoke(SoapHttpT ransport.java:192)
at com.zimbra.soap.SoapTransport.invokeWithoutSession (SoapTransport.java:254)
at com.zimbra.cs.index.ProxiedQueryResults.bufferNext Hits(ProxiedQueryResults.java:307)
... 35 more
Caused by: java.security.cert.CertificateException: Untrusted Server Certificate Chain
at com.sun.net.ssl.X509TrustManagerJavaxWrapper.check ServerTrusted(SSLSecurity.java:600)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager. checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:841)
... 55 more


---
(Tried to add output from keytool -list but the forum said I had 'included 5 images in my message' (which I took to read that somehow the output included what the system interpreted as 'smilies')....so I left it out. Chain looks valid to me though...
Reply With Quote