Thanks for the prompt response. Would it be possible to actually unify the whole ordeal within the Admin UI ? This would mean giving the ability to:
- Generate a CSR for sending to the Certificate Authority.
- Paste the PEM certificate sent back from the Certificate Authority.
- Install the received PEM certificate into Tomcat's keystore for HTTPS access.
- Install, by exporting and converting per the above instructions, the certificate & key pair for Postfix.
The reason I would lead towards this is that the folks who are using commercial certificates are really met with a hassle to install them. And before you say "Save the hassle use the simple self signed ones" as some people in the forums have, it is important to note that all mobile users with Palm Treo's newer than the 650 will require a commercial certificate as there is no "easy way" to make them accept a self signed certificate. So basically Zimbra Mobile will not work properly on some phones without a commercial certificate.
My reasoning is that it should be more simple than it currently is, to install a commercial certificate on a product geared towards business / enterprise use.
Also unifying the whole thing in the UI using similar steps as outlined in this post will prevent ever exposing the private key via the UI. The only thing which will be exposed via the Admin UI is the CSR to generate the PEM certificate. Once generated and submitted through the Admin UI everything can take place internally.
Thank you again for the prompt response and for submitting the bug request.
Cheers,
RioGD
Post Scriptum: I had added this to the wiki
here but would actually like for it to be redone by someone who has better wikifu than I do
and perhaps placed in a better location etc...