  #1 (permalink)  
Old 03-05-2010, 11:27 AM
Member
 
Posts: 10
Trusting self-signed certificates

Hi,
I've been working on this issue for some time now and just can't seem to figure out where I'm going wrong. I'm trying to get Internet Explorer 8 to trust the certificate presented by Zimbra in the ZWC but no matter what I try, I just can't get a trusted connection. All my users are getting the warning page in IE8 and have to click on the 'continue to this page' link to get to the Zimbra login page. This page also appears sometimes when they're working within Zimbra (e.g. opening PDF attachments) and is interrupting, to say the least.

I have tried importing the certificate into various places including the 'Trusted Root Certification Authorities' store as is recommended in various places and it makes no difference. I double-checked that the certificates were in fact imported into these stores using the Certificates MMC console. I've made sure that the domain for the zimbra host matches the certificate. The workstations are running XP SP3 with latest IE8, but I also had this problem on IE7 before upgrading.

Any help with this would be greatly appreciated. Thank you.
  #2 (permalink)  
Old 03-08-2010, 05:58 PM
Member
 
Posts: 10

Well, I finally made some progress. Of course, being relatively new to CAs, certificate trust chains, etc. I ended up wasting half my day figuring it out.

Most of the research I did pointed to importing the certificate presented to the browser when using the ZWC into the Trusted Root Certification Authorities store, which no matter how many dozens of ways I did it made no difference. I ended up going into /opt/zimbra/ssl/zimbra/ca and converting the PEM format ca.pem certificate into Windows compatible DER format:

openssl x509 -inform PEM -in ca.pem -outform DER -out ca.cer

Then I imported this into the Trusted Root Certification Authorities store and finally I'm not getting the warnings from IE.

I did have one more question for anyone knowledgeable with certificates and domains/DNS. I'd like to use the server's host name as the URL instead of the FQDN (e.g. https://mail/ instead of https://mail.subdomain.domain.com/) to simplify things, but of course the browser then complains the URL doesn't match the certificate (issued to mail.subdomain.domain.com). Anyone know if this is possible without getting the warnings? I tried to create a certificate using just the hostname but it requires a proper domain name.
  #3 (permalink)  
Old 03-08-2010, 06:06 PM
raj
Moderator
 
Posts: 768

Just for the future... you can just download the ca.pem, rename it to ca.crt and double-click on it in Windows, then install the cert. No need to convert.

Raj
__________________
i2k2 Networks
Dedicated & Shared Zimbra Hosting Provider
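
Added example, not part of any post in this thread: a shell sketch using a constructed throwaway CA to show that a server certificate used as a root does not anchor its own chain while the issuing CA does, that ca.pem and ca.cer hold the same certificate, and that https://mail/ only passes the name check when the certificate's subjectAltName lists that short name. OpenSSL's verifier stands in for the Windows chain builder here (an assumption), and the helper names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway PKI, not Zimbra's real files.
set -eu

# make_pki DIR NAME...: write DIR/ca.pem (self-signed CA) and DIR/server.pem
# (issued by that CA; CN = first NAME, subjectAltName = every NAME).
make_pki() {
    local dir="$1"; shift
    local san; san=$(printf 'DNS:%s,' "$@")
    printf 'subjectAltName=%s\n' "${san%,}" > "$dir/san.cnf"
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\n%s\n' \
        'basicConstraints=critical,CA:TRUE' > "$dir/req.cnf"
    openssl req -x509 -config "$dir/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo CA" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -config "$dir/req.cnf" -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 2 -extfile "$dir/san.cnf" -out "$dir/server.pem" 2>/dev/null
}

# chains_to ANCHOR CERT: true if CERT validates with ANCHOR as the trusted root.
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# name_matches CERT HOST: true if HOST is a name CERT was issued for.
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# same_cert PEM DER: true if both encodings carry the same certificate.
same_cert() {
    [ "$(openssl x509 -in "$1" -inform PEM -noout -fingerprint -sha256)" = \
      "$(openssl x509 -in "$2" -inform DER -noout -fingerprint -sha256)" ]
}

say() { if "$@"; then echo "yes  $*"; else echo "no   $*"; fi; }  # print a verdict

demo() (
    d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
    make_pki . mail.subdomain.domain.com
    openssl x509 -inform PEM -in ca.pem -outform DER -out ca.cer  # command from post #2
    say chains_to server.pem server.pem  # server cert treated as a root
    say chains_to ca.pem server.pem      # issuing CA treated as a root
    say same_cert ca.pem ca.cer          # PEM vs DER: only the encoding differs
    say name_matches server.pem mail     # https://mail/ against an FQDN-only cert
    make_pki . mail.subdomain.domain.com mail
    say name_matches server.pem mail     # same check once the SAN lists both names
)
demo
```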