Results 1 to 1 of 1

Thread: Recreating self signed certificate problem

  1. #1
    akozarev is offline Starter Member
    Join Date
    Mar 2010
    Posts
    1
    Rep Power
    5

    Default Recreating self signed certificate problem

    Hi all,
    I'm use ZCS 5.0.14 on Debian 4.
    My certificate expired and i recreated with Administration Console Certificates tool. Everything is OK with new date in Admin GUI, but i am not able to add Certificate in Windows Trusted Root CA, only in Other People Zone. With first Certificate, generated on Zimbra installation was no problem to do that. But now IE each time give Certificate Error.

    mail:/home/akozarev# openssl s_client -connect *.*.*.*:995 -showcerts
    CONNECTED(00000003)
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Certificate chain
    0 s:/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
    i:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
    -----BEGIN CERTIFICATE-----
    MIICmzCCAgSgAwIBAgIFEmkGknEwDQYJKoZIhvcNAQEEBQAwgY oxCzAJBgNVBAYT
    AlVTMQwwCgYDVQQIEwNOL0ExDDAKBgNVBAcTA04vQTEjMCEGA1 UEChMaWmltYnJh
    IENvbGxhYm9yYXRpb24gU3VpdGUxIzAhBgNVBAsTGlppbWJyYS BDb2xsYWJvcmF0
    aW9uIFN1aXRlMRUwEwYDVQQDEwxtYWlsLmxzaXAuYmcwHhcNMT AwMzIwMDcxNDMz
    WhcNMTEwMzIwMDcxNDMzWjB8MQswCQYDVQQGEwJVUzEMMAoGA1 UECBMDTi9BMSMw
    IQYDVQQKExpaaW1icmEgQ29sbGFib3JhdGlvbiBTdWl0ZTEjMC EGA1UECxMaWmlt
    YnJhIENvbGxhYm9yYXRpb24gU3VpdGUxFTATBgNVBAMTDG1haW wubHNpcC5iZzCB
    nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6IRRU7ZaPfPEVK LBQ+I1ke/Cn6os
    MVflWpQvTeQKzyfcUOdnwTl7XWFL3L0b2KzoQiR/0iSEi+bIeAEwigbO4P5ITFJV
    sy6uzs48e7sH590Vcz2qTYgTumq+14S9Q+aipzKKUu4JdR7mQc haX6HqaTGy2+fe
    vgFaFiorVazjzosCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ 8EBAMCBeAwDQYJ
    KoZIhvcNAQEEBQADgYEATHoj9AnzbAYb4AT36fyNvx+RmjRUi1 4fkJ/3JaHhkbLP
    oAFgPsL5S+f1dPnHQxhY5SQd9KmzIUfSdDcw/F0mgHUUMMxIJm6Pua/x1dULlD/Y
    w+aNCgwb/9XlJztf8NMl63Tb8GelSN/JDvrfRVUxU6pe66sMVAhs++uZuTo6TjE=
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
    issuer=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 833 bytes and written 316 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 1024 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: 929394495EA1310A745E1A1D8FC3EA1F867992ED0C0C1CEF15 2A3F9F759A037D
    Session-ID-ctx:
    Master-Key: F0597CBBD1852FEA93BCE4639FD9D826FC5D3C9B52D52EEEB8 4E46BB684C4D7827C2E9BB15E4777A010A9CF28CBC3E4D
    Key-Arg : None
    Start Time: 1269274638
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)


    Next:

    mail:/# openssl verify /opt/zimbra/ssl/zimbra/ca/ca.pem
    /opt/zimbra/ssl/zimbra/ca/ca.pem: /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
    error 18 at 0 depth lookup:self signed certificate
    /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.*
    error 10 at 0 depth lookup:certificate has expired
    OK

    Why is this error: 10 at 0 depth lookup:certificate has expired, when Admin GUI shows correct expiration date?

    Help please and thanks in advance.
    Sorry for my bad English.

    Andrey
    Last edited by akozarev; 03-22-2010 at 10:58 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Self Signed Certificate Renewal
    By royqoro in forum Administrators
    Replies: 3
    Last Post: 01-06-2010, 08:37 PM
  2. problem with certificate + WM6?
    By raul_denia in forum Zimbra Mobile
    Replies: 0
    Last Post: 09-01-2008, 05:39 AM
  3. Problem with "Install the commercially signed certificate"
    By yuranchik in forum Administrators
    Replies: 1
    Last Post: 02-06-2008, 07:31 AM
  4. SSL certificate problem(?) Tomcat not working
    By akai in forum Installation
    Replies: 1
    Last Post: 07-02-2007, 02:43 PM
  5. Certificate problem with SMTP using TLS
    By yuit in forum Installation
    Replies: 4
    Last Post: 11-02-2006, 06:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •