Quote:
Originally Posted by quanah  Is the ca.pem file the CA cert from your CA? |
Yes.
Here are some dumps from it:
[root@mail ssl]# openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -noout -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
b9:cd:24:77:e9:24:ba:0f
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=San Mateo, O=Zimbra, OU=Zimbra Collaboration Suite, CN=mail.ourdomain.com
Validity
Not Before: Dec 11 00:13:50 2007 GMT
Not After : Dec 10 00:13:50 2008 GMT
After much searching I found this flag that can be set in the conf for ldap and added the following line:
vi ./openldap-2.3.39.6z/etc/openldap/ldap.conf
# Added this to stop effin LDAP START_TLS errors - dad 01-JAN-2008
TLS_REQCERT never
I see log entries that lead me to believe that mail is flowing in, and three test messages I sent a while ago JUST appeared in one of the test accounts.
So.. maybe 5.0.1 will fix the problem with unexpired commercial certs or do I really have some other problem that this just happened to work with?
.....