getting ssl related popup in outlook

[chandu]

Hi,

As i mentioned in my another thread, after enabling TLS connection and IMAP / pop 3 with ssl we have to configure outlook with below ports :

465 - smtp with ssl
993 - imap with ssl
995 - pop3 with ssl

once we configured outlook with this..we gets below popup when we login in outlook :

"The server you are connected to is using a security certificate that could not be verified.
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
DO you want to continue using this server ?"

Our clients are using MS outlook 2003 and outlook express 2003.

How to removed this popup ? I searched within zimbra forum and on google, i got serveral useful sites with information but couldnt find out any solution..

I am using self-singed certificate...

I have installed server.crt, smtpd.crt,ca-bundle.crt on clients desktop but no use.

please help.


Thanks

[chandu]

can someone please suggest me regarding above issue ?

[chandu]

I have read below link :

Outlook users getting certificate warning

And ran below command on my test server :

openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der

And restarted zmcontrol services and installed ca.der file on windows machine and restarted pc. But now that pc not at all able to communicate to test server..outlook keep getting hang and going in offline mode. ...i m not getting any error logs in zimbra.log / audit.log / mailbox.log ...!!!!

I did this blindly ...i couldnt understand by using above command what it exactly does? ..wht is use of ca.der ?....now my test setup is mess up due to this command...is there any way to revert it back ...

How can we remove above mentioned pop up ??

Thanks

[chandu]

Hi,

I have reinstalled zimbra on test server with TLS connection and IMAP/ POP with ssl and followed below link :

Free/Busy Information in Outlook - Zimbra :: Wiki

and installed cacert.der file on win xp computer but still i m keep getting below message while accessing outlook with imap/pop/ smtp ssl


"The server you are connected to is using a security certificate that could not be verified.
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
DO you want to continue using this server ?"



why this self signed certificate is not getting recognized by outlook ? is there any way ?
is it mandatory to install commercial certificate ?


Please help.

[chandu]

Its look funny to keep replying your own post but I know most of the people face this issue..

OK.. now there is below new error message while opening outlook :


The certificate's CN name does not match the passed value

I googled this error and it seems certificate which we installed on desktop having different hostname than mail server's hostname and client's domain.

For e.g in my case.

1.Mail server's FQDN -> mail.example.com
2.Mail server's hostname -> mail
3.Zimbra server's logical name - > mail.example.com
4.cacert.der contains CN name -> example.com
5.Outlook is configured with customer's domain with incoming and outgoing server -> mail.customerdomain.com

So for testing purpose, I tried below mentioned settings in "hosts" file of win xp computer :

< public ip address of mail server > example.com
< public ip address of mail server > customerdomain.com

But still I am keep getting the CN related error ....Its getting because there is issue in identification of server name..

Can anyone please suggest me..how can i proceed now ?


Thanks