zmcertctl ignores "subject"

[MightyBob]

Hi,

After searching the forum for a great answer... I've found nothing, so I decided to post.

My configuration is quite simple: One Ubuntu 8.04 Server with ZCS 6.0.4 (64bit).

Code:

zimbra@hl-zcs:~$ zmcontrol -v
Release 6.0.4_GA_2038.UBUNTU8_64 UBUNTU8_64 FOSS edition.

I would like to change the generic "Zimbra Collaboration Suite" certificates for my own self signed certificate. To do so, I've followed the procedure found on the wiki. Everything ran perfectly, but the result is disapointing.

Here are the command and result:

Code:

root@hl-zcs:~# /opt/zimbra/bin/zmcertmgr createcrt -new -days 1825 -subject "/C=FR/ST=Alsace/L=XXXXXX/O=Hopital de XXXXXX/O=Service Informatique/CN=*.hl-XXXXXX.fr"
Validation days: 1825
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100112170309
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100112170309
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.


root@hl-zcs:~# /opt/zimbra/bin/zmcertmgr createcrt -new -days 1825 -subjectAltNames "mail.hl-XXXXXX.fr,hl-zcs.hlXXXXXX.local"
Validation days: 1825
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100112170410
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100112170410
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.


root@hl-zcs:~# /opt/zimbra/bin/zmcertmgr deploycrt self -allserver
** Saving global config key zimbraSSLCertificate...done.
** Saving global config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.


root@hl-zcs:~# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
::service mta::
notBefore=Jan 12 16:04:14 2010 GMT
notAfter=Jan 11 16:04:14 2015 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
SubjectAltName= hl-zcs.hlXXXXXX.local, mail.hl-XXXXXX.fr
::service proxy::
notBefore=Jan 12 16:04:14 2010 GMT
notAfter=Jan 11 16:04:14 2015 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
SubjectAltName= hl-zcs.hlXXXXXX.local, mail.hl-XXXXXX.fr
::service mailboxd::
notBefore=Jan 12 16:04:14 2010 GMT
notAfter=Jan 11 16:04:14 2015 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
SubjectAltName= hl-zcs.hlXXXXXX.local, mail.hl-XXXXXX.fr
::service ldap::
notBefore=Jan 12 16:04:14 2010 GMT
notAfter=Jan 11 16:04:14 2015 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
SubjectAltName= hl-zcs.hlXXXXXX.local, mail.hl-XXXXXX.fr

As you can read, "subject" and "issuer" are not exactly what we can expect as a good result!!!

Any good idea is welcome!!!

Best regards,
Bob

[MightyBob]

Hi,

It seems that no one is able to help me...

To be sure this issue is not related to my installation, I've build a VM with a fresh new Ubuntu 8.04 LTS Server with only ZCS 6.04 (all is 64 bits).

And I can confirme this is an issue every one can easyly experiment.

Am I alone?

Thanks for your help

Best Regards,
Bob