disabling ssl?

[seravitae]

Hey there, is there a way to disable SSL? I keep getting errors in the administration console when accessing MTA and other settings which I believe is because i dont have a certificate. I will not ever be getting a commercial certificate and the wiki didn't really explain how to get around this. Im not really interested in SSL as all users will communicate through a secure vpn anyways.

Any ideas?

Errors obtained:
----------------------------
(1) The server's name "10.1.1.10" does not match the certificate's name "lina.seravitae.com". Somebody may be trying to eavesdrop on you.
(2) The certificate for "lina.seravitae.com" is signed by the unknown Certificate Authority "lina.seravitae.com". It is not possible to verify that this is a valid certificate.

Server error encountered: Message: system failure: server lina.seravitae.com zimbraRemoteManagementPrivateKeyPath (/opt/zimbra/.ssh/zimbra_identity) does not exists Error code: service.FAILURE Method: GetServerNIfsRequest Details:soap:Receiver

[phoenix]

You can't disable SSL, try recreating the certificates.

[seravitae]

Hi bill, thanks for the response. I was/am following the guide and get up to this step with an interesting response:


zimbra@lina:~$ keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass zimbra
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect


not sure what to do here. seeing as i never had a certificate of any kind (new install) i attempted the "Single-Node Self-Signed Certificate" example in the wiki, which went smoothly and apparently generated a self-signed certificate. However i still get an invalid certificate error in firefox, and the original very long error still shows up in the admin console when i try to navigate anything important. also certificates as an option isnt shown there. (shouldnt it be?)

thanks so far.

[uxbod]

Code:

su - zimbra
zmcontrol -v

[seravitae]

Release 5.0.11_GA_2695.UBUNTU8 UBUNTU8 FOSS edition

[brian]

This guide is probably more appropriate. http://wiki.zimbra.com/index.php?tit...ed_Certificate

[seravitae]

yes, that is the one i was referring to that i followed.

evidence:
------------------------------
root@lina:/opt/zimbra/bin# ./zmcertmgr viewdeployedcrt
::service mta::
notBefore=Feb 23 09:40:02 2009 GMT
notAfter=Feb 23 09:40:02 2010 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=lina.seravitae.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=lina.seravitae.com
SubjectAltName=
::service proxy::
notBefore=Feb 23 09:40:02 2009 GMT
notAfter=Feb 23 09:40:02 2010 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=lina.seravitae.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=lina.seravitae.com
SubjectAltName=
::service mailboxd::
notBefore=Feb 23 09:40:02 2009 GMT
notAfter=Feb 23 09:40:02 2010 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=lina.seravitae.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=lina.seravitae.com
SubjectAltName=
::service ldap::
notBefore=Feb 23 09:40:02 2009 GMT
notAfter=Feb 23 09:40:02 2010 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=lina.seravitae.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=lina.seravitae.com
SubjectAltName=
--------------------------------------


unfortunately still getting the same error

i should say at this point also, if it helps, that the self-signed certificate is used because i am doing a small intranet zimbra platform, using split-horizon dns.

[seravitae]

sorry to bump the thread but i have not discovered anything further about this problem. the self-signed cert is apparently installed, im not sure what else to try.

if anyone can shed any light i'd appreciate it! i think the slightly misleading title may cause people to not read the thread. is it worth me waiting and posting a fresh thread, or somehow editing the name of this one?