Untrusted Server Certificate Chain

[maumar]

Message: Csfe service error
Error code: service.PROXY_ERROR
Method: ZmCsfeCommand.invoke
Details:error while proxying request to target server (url=https://mailz.fbs.it:7071/service/admin/soap/): java.security.cert.CertificateException: Untrusted Server Certificate Chain

scenario: zimbra multiserver: 1 master with all services, the otehr with mta and mbox
i get this error when i logon into second store as admin, when i logon into master i get no error message
i haven't changed anything (hostname, etc) during last days, i have installed license previous week in either master server and in second store (i have a master zimbra and a second store)

i found this on wiki
SSL Certificate Problems - ZimbraWiki
i wonder if i should apply all what i read there
i have installed Release 4.5.6_GA_1044.RHEL5_20070706163724 CentOS5 on August, so ssl cert are not so old
i have installed 4.5.6_GA on master and in second store, either, on August
TIA
Maurizio

[jeffreyheinen]

What order did you build (or rebuild) the certificates and/or servers in? It is possible that you have an error with the Certificate Authority (CA) certificates like I have.


I have a MTA server, and a LDAP/MAILSTORE server. I had to rebuild the certs on the MAILSTORE, which included the CA certs. But because the MTA has the old root certificate, I am now getting that error. I know I have to replace it on the MTA and re-sign the server certificate. However, all of the documentation I have found is mailstore based. Everything wants me to recreate a new CA on the MTA and install it.

I do see where you can make sure that, at least, the LDAP has the correct information.

From the SSL Certificate documentation you have already linked to:

* To update CA cert stored in LDAP (as zimbra):

Code:

zmprov -l mcf zimbraCertAuthorityKeySelfSigned "`cat /opt/zimbra/ssl/ssl/ca/ca.key`"
zmprov -l mcf zimbraCertAuthorityCertSelfSigned "`cat /opt/zimbra/ssl/ssl/ca/ca.pem`"

* You can see your updated certs in LDAP now and compare them to contents of /opt/zimbra/ssl/ssl/ca (as zimbra)

Code:

zmprov -l gcf zimbraCertAuthorityKeySelfSigned 
zmprov -l gcf zimbraCertAuthorityCertSelfSigned

You should do those last two commands on both machines. That way you can see if your problem is the Cert Authority

If not, then we have more information to help you track down your problem.

[inotabi]

I have the same problem. But the problem happen on the second mailbox store.
In the admin console, each time i click in mailbox store 2, i receive the following error:
Message: Csfe service error
Error code: service.PROXY_ERROR
Method: ZmCsfeCommand.invoke
Details:error while proxying request to target server (url=https://serv2.abc.com:7071/service/admin/soap/): java.security.cert.CertificateException: Untrusted Server Certificate Chain

I have checked CA as your guiding, everything is ok but the error still appear.