IMAP/POP/SMTP SSL Cert warning

[scottnelson]

Clients using Mac-Mail, Outlook Express ( both on MAC and Windows ) and Thunderbird ( clients tested this far though I would suspect all of them would have this issue ) get the following warning every time they open/launch their client:

"The server you are connected to is using a security certificate that could not be verified.
A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider.
Do you want to continue using this server
yes/no"

Now, realizing that self signed certs will do this, poked around on openssl and other sites to try to figure out how to export or make a root cert that I can add to the client machines to avoid that warning, work right, etc.,etc.

So, my question being: Can someone point me in the right direction, as to which cert I need to copy from the Zimbra server or cert I would need to create/export in order to add it to a client store to act as a root certifier?

Thanks in advance. :-)

Scotty

edit: Running 3.1.4 on FC4

[KevinH]

Should be in : /opt/zimbra/ssl/ssl/server/

If you figure it out please add the steps to this wiki page:

http://wiki.zimbra.com/index.php?tit...icate_Problems

[cranch]

I haven't tested this too much yet, but at least on the mac I was able to add it by doing the following:

1.) Have IMAP account setup in Mail.app.
2.) When the Cert window appears asking what to do, drag the actual "cert icon" off the window to your desktop.
3.) Double click the .cert file on your desktop and add it in with your keychain password.

*** You can double check that its in there by re-opening Mail.appl or Keychain Access.

[LMStone]

Quote:

Originally Posted by cranch

I haven't tested this too much yet, but at least on the mac I was able to add it by doing the following:

1.) Have IMAP account setup in Mail.app.
2.) When the Cert window appears asking what to do, drag the actual "cert icon" off the window to your desktop.
3.) Double click the .cert file on your desktop and add it in with your keychain password.

*** You can double check that its in there by re-opening Mail.appl or Keychain Access.

For 3.) above, likely the Mac user will have several keychains, and they will need to add the cert to the X.509 keychain to eliminate the certificate challenge going forward.

Mark

[dongqiu]

Quote:

Originally Posted by scottnelson

Clients using Mac-Mail, Outlook Express ( both on MAC and Windows ) and Thunderbird ( clients tested this far though I would suspect all of them would have this issue ) get the following warning every time they open/launch their client:

"The server you are connected to is using a security certificate that could not be verified.
A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider.
Do you want to continue using this server
yes/no"

Now, realizing that self signed certs will do this, poked around on openssl and other sites to try to figure out how to export or make a root cert that I can add to the client machines to avoid that warning, work right, etc.,etc.

So, my question being: Can someone point me in the right direction, as to which cert I need to copy from the Zimbra server or cert I would need to create/export in order to add it to a client store to act as a root certifier?

Thanks in advance. :-)

Scotty

edit: Running 3.1.4 on FC4

I am running 4.04 NE on RHEL, when use thunderbird as client it give me a option the save the certificate permanently. But when use Outlook/OutlookExpress, this warning come up everytime I launch outlook. Is there a way to import and save the certificate in outlook?

Please advise.

[phoenix]

This is rather an old thread, it would have been better to start a new thread for this topic. Anyway, almost all of these answers should tell you the answer.

[dongqiu]

Quote:

Originally Posted by phoenix

This is rather an old thread, it would have been better to start a new thread for this topic. Anyway, almost all of these answers should tell you the answer.

Thanks very much

[jdell]

Quote:

Originally Posted by scottnelson

Now, realizing that self signed certs will do this, poked around on openssl and other sites to try to figure out how to export or make a root cert that I can add to the client machines to avoid that warning, work right, etc.,etc.

So, my question being: Can someone point me in the right direction, as to which cert I need to copy from the Zimbra server or cert I would need to create/export in order to add it to a client store to act as a root certifier?

Thanks in advance. :-)

Probably late to this party, but thought I'd offer another bit on this...

I wrote a wiki page for how to get the root cert onto a Nokia phone which isn't relevant, but the part about converting it to DER format and putting it into a web accessible URL might be useful.

http://wiki.zimbra.com/index.php?title=Nokia_E62

Double-clicking a .DER file on my mac will allow me to import it as an x509 anchor which makes the cert errors go away in Mail.app, etc

John

[dongqiu]

Quote:

Originally Posted by phoenix

This is rather an old thread, it would have been better to start a new thread for this topic. Anyway, almost all of these answers should tell you the answer.

by using your answer, I got rid of the certificate warning on receiving emails in outlook. But when I try to send email with SSL enabled SMTP, I still got the certificate warning. any idea how to over come this warning?

Thanks in advance.