Thread: IMAP/POP/SMTP SSL Cert warning

  1. #1
    scottnelson

    Clients using Mac-Mail, Outlook Express (both on Mac and Windows) and Thunderbird (clients tested thus far, though I would suspect all of them would have this issue) get the following warning every time they open/launch their client:

    "The server you are connected to is using a security certificate that could not be verified.
    A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider.
    Do you want to continue using this server
    yes/no"

    Now, realizing that self-signed certs will do this, I poked around on openssl and other sites to try to figure out how to export or make a root cert that I can add to the client machines to avoid that warning, work right, etc., etc.

    So, my question being: Can someone point me in the right direction, as to which cert I need to copy from the Zimbra server or cert I would need to create/export in order to add it to a client store to act as a root certifier?

    Thanks in advance. :-)

    Scotty

    edit: Running 3.1.4 on FC4

  2. #2
    KevinH

    Should be in: /opt/zimbra/ssl/ssl/server/

    If you figure it out please add the steps to this wiki page:

    http://wiki.zimbra.com/index.php?tit...icate_Problems

  3. #3
    cranch

    I haven't tested this too much yet, but at least on the mac I was able to add it by doing the following:

    1.) Have IMAP account set up in Mail.app.
    2.) When the Cert window appears asking what to do, drag the actual "cert icon" off the window to your desktop.
    3.) Double click the .cert file on your desktop and add it in with your keychain password.

    *** You can double check that it's in there by re-opening Mail.app or Keychain Access.

  4. #4
    LMStone

    Choose The Correct Keychain

    Quote Originally Posted by cranch
    I haven't tested this too much yet, but at least on the mac I was able to add it by doing the following:

    1.) Have IMAP account set up in Mail.app.
    2.) When the Cert window appears asking what to do, drag the actual "cert icon" off the window to your desktop.
    3.) Double click the .cert file on your desktop and add it in with your keychain password.

    *** You can double check that it's in there by re-opening Mail.app or Keychain Access.

    For 3.) above, likely the Mac user will have several keychains, and they will need to add the cert to the X.509 keychain to eliminate the certificate challenge going forward.

    Mark

  5. #5
    dongqiu

    Quote Originally Posted by scottnelson View Post
    Clients using Mac-Mail, Outlook Express (both on Mac and Windows) and Thunderbird (clients tested thus far, though I would suspect all of them would have this issue) get the following warning every time they open/launch their client:

    "The server you are connected to is using a security certificate that could not be verified.
    A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider.
    Do you want to continue using this server
    yes/no"

    Now, realizing that self-signed certs will do this, I poked around on openssl and other sites to try to figure out how to export or make a root cert that I can add to the client machines to avoid that warning, work right, etc., etc.

    So, my question being: Can someone point me in the right direction, as to which cert I need to copy from the Zimbra server or cert I would need to create/export in order to add it to a client store to act as a root certifier?

    Thanks in advance. :-)

    Scotty

    edit: Running 3.1.4 on FC4

    I am running 4.04 NE on RHEL. When I use Thunderbird as the client, it gives me an option to save the certificate permanently. But when I use Outlook/Outlook Express, this warning comes up every time I launch Outlook. Is there a way to import and save the certificate in Outlook?

    Please advise.

  6. #6
    phoenix

    This is rather an old thread; it would have been better to start a new thread for this topic. Anyway, almost all of these answers should tell you the answer.
    Regards


    Bill

  7. #7
    dongqiu

    Quote Originally Posted by phoenix View Post
    This is rather an old thread; it would have been better to start a new thread for this topic. Anyway, almost all of these answers should tell you the answer.

    Thanks very much

  8. #8
    jdell

    root cert

    Quote Originally Posted by scottnelson View Post
    Now, realizing that self-signed certs will do this, I poked around on openssl and other sites to try to figure out how to export or make a root cert that I can add to the client machines to avoid that warning, work right, etc., etc.

    So, my question being: Can someone point me in the right direction, as to which cert I need to copy from the Zimbra server or cert I would need to create/export in order to add it to a client store to act as a root certifier?

    Thanks in advance. :-)

    Probably late to this party, but thought I'd offer another bit on this...

    I wrote a wiki page for how to get the root cert onto a Nokia phone which isn't relevant, but the part about converting it to DER format and putting it into a web accessible URL might be useful.

    http://wiki.zimbra.com/index.php?title=Nokia_E62

    Double-clicking a .DER file on my Mac will allow me to import it as an x509 anchor, which makes the cert errors go away in Mail.app, etc.

    John
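
The PEM-to-DER conversion mentioned in the post above, as an added example that is not part of the thread or the linked wiki page. It refuses anything that is not a self-signed root and prints the SHA-256 fingerprint users should compare before trusting the file; the function names, file names and throwaway CA are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). Function and file names are hypothetical.

# export_root_der <pem-in> <der-out>
# Converts a PEM certificate to DER for client import and prints its SHA-256
# fingerprint. Refuses input whose subject and issuer differ (not a root).
export_root_der() {
    pem_in=$1
    der_out=$2

    # A root certificate is self-issued: subject and issuer are identical.
    subject=$(openssl x509 -in "$pem_in" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem_in" -noout -issuer | sed 's/^issuer= *//')
    if [ -z "$subject" ] || [ "$subject" != "$issuer" ]; then
        echo "not a self-signed root certificate: $pem_in" >&2
        return 1
    fi

    # 'openssl x509' emits only the certificate, so a private key that shares
    # the PEM file is never copied into the file handed to clients.
    openssl x509 -in "$pem_in" -outform DER -out "$der_out" || return 1

    # Both encodings must hash to the same value; publish this fingerprint
    # out of band so users can compare it before trusting the certificate.
    fp_pem=$(openssl x509 -in "$pem_in" -noout -fingerprint -sha256 | cut -d= -f2)
    fp_der=$(openssl x509 -in "$der_out" -inform DER -noout -fingerprint -sha256 | cut -d= -f2)
    [ "$fp_pem" = "$fp_der" ] || { echo "fingerprint mismatch" >&2; return 1; }
    printf '%s\n' "$fp_der"
}

# Constructed sample input: a throwaway self-signed CA written to <dir>.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
export_root_der "$demo_dir/ca.pem" "$demo_dir/ca.der"
rm -rf "$demo_dir"
```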

  9. #9
    dongqiu

    One more question

    Quote Originally Posted by phoenix View Post
    This is rather an old thread; it would have been better to start a new thread for this topic. Anyway, almost all of these answers should tell you the answer.

    By using your answer, I got rid of the certificate warning on receiving emails in Outlook. But when I try to send email with SSL-enabled SMTP, I still get the certificate warning. Any idea how to overcome this warning?

    Thanks in advance.
