[SOLVED] CA Cert Question.

[Nitecon]

Good morning ladies and gents.

I recently installed a CA cert from cacert.org, since I didn't feel like paying for one. The installation went fine...

Generated the csr downloaded the ca root and intermediate. Received my cert back and all is fine so far.

Here is the only problem I have.

The certificate is for mydomain.com

I access the server by going to subdomain.mydomain.com

By doing this I am notified that the cert is for the wrong site. It is only valid for mydomain.com.

Since I can't change the email domain to subdomain.mydomain.com for the reason that all email will then be user@subdomain.mydomain.com instead of user@mydomain.com. How do I fix this issue?

It's rather an important issue that needs to be fixed asap, so all information would be appreciated.

Thank you,
Will.

[uxbod]

So create the cert for subdomain.mydomain.com as that is the distinguished name of your server. It does not effect anything else and your emails will still be marked as domain.com.

[Klug]

You can create a new CSR for subdomain.mydomain.com and use this one.

Or get a wildcard certificate.

[Nitecon]

Thanks guys,

Now I seem to have a new issue that popped up, just for some background info I am running 5.0.10 on ubuntu 8.

I generated a wildcard cert got it signed etc.

After I generated the csr I restarted zimbra with zmcontrol stop && zmcontrol start...

Then I logged in again and used the root.crt and intermediate.crt from ca cert with my new wildcard.crt from ca cert. Like before I just did it through the admin control panel. Although this time it through an error at me saying...

...............

I just redid the same steps and now it is working... Does zimbra cache the certs for a specified time before it updates? To the new key pairs etc?

Find it rather odd that that happened.

Problem is solved now just curious as to why it did that.

Hopefully soon I can buy a proper ca cert, for now this should do fine