 Recreating self signed certificate problem
Hi all,
I'm use ZCS 5.0.14 on Debian 4.
My certificate expired and i recreated with Administration Console Certificates tool. Everything is OK with new date in Admin GUI, but i am not able to add Certificate in Windows Trusted Root CA, only in Other People Zone. With first Certificate, generated on Zimbra installation was no problem to do that. But now IE each time give Certificate Error.
mail:/home/akozarev# openssl s_client -connect *.*.*.*:995 -showcerts
CONNECTED(00000003)
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
i:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
-----BEGIN CERTIFICATE-----
MIICmzCCAgSgAwIBAgIFEmkGknEwDQYJKoZIhvcNAQEEBQAwgY oxCzAJBgNVBAYT
AlVTMQwwCgYDVQQIEwNOL0ExDDAKBgNVBAcTA04vQTEjMCEGA1 UEChMaWmltYnJh
IENvbGxhYm9yYXRpb24gU3VpdGUxIzAhBgNVBAsTGlppbWJyYS BDb2xsYWJvcmF0
aW9uIFN1aXRlMRUwEwYDVQQDEwxtYWlsLmxzaXAuYmcwHhcNMT AwMzIwMDcxNDMz
WhcNMTEwMzIwMDcxNDMzWjB8MQswCQYDVQQGEwJVUzEMMAoGA1 UECBMDTi9BMSMw
IQYDVQQKExpaaW1icmEgQ29sbGFib3JhdGlvbiBTdWl0ZTEjMC EGA1UECxMaWmlt
YnJhIENvbGxhYm9yYXRpb24gU3VpdGUxFTATBgNVBAMTDG1haW wubHNpcC5iZzCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6IRRU7ZaPfPEVK LBQ+I1ke/Cn6os
MVflWpQvTeQKzyfcUOdnwTl7XWFL3L0b2KzoQiR/0iSEi+bIeAEwigbO4P5ITFJV
sy6uzs48e7sH590Vcz2qTYgTumq+14S9Q+aipzKKUu4JdR7mQc haX6HqaTGy2+fe
vgFaFiorVazjzosCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ 8EBAMCBeAwDQYJ
KoZIhvcNAQEEBQADgYEATHoj9AnzbAYb4AT36fyNvx+RmjRUi1 4fkJ/3JaHhkbLP
oAFgPsL5S+f1dPnHQxhY5SQd9KmzIUfSdDcw/F0mgHUUMMxIJm6Pua/x1dULlD/Y
w+aNCgwb/9XlJztf8NMl63Tb8GelSN/JDvrfRVUxU6pe66sMVAhs++uZuTo6TjE=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
issuer=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
---
No client certificate CA names sent
---
SSL handshake has read 833 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 929394495EA1310A745E1A1D8FC3EA1F867992ED0C0C1CEF15 2A3F9F759A037D
Session-ID-ctx:
Master-Key: F0597CBBD1852FEA93BCE4639FD9D826FC5D3C9B52D52EEEB8 4E46BB684C4D7827C2E9BB15E4777A010A9CF28CBC3E4D
Key-Arg : None
Start Time: 1269274638
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
Next:
mail:/# openssl verify /opt/zimbra/ssl/zimbra/ca/ca.pem
/opt/zimbra/ssl/zimbra/ca/ca.pem: /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.bg
error 18 at 0 depth lookup:self signed certificate
/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=*.*.*
error 10 at 0 depth lookup:certificate has expired
OK
Why is this error: 10 at 0 depth lookup:certificate has expired, when Admin GUI shows correct expiration date?
Help please and thanks in advance.
Sorry for my bad English.
Andrey
Last edited by akozarev; 03-22-2010 at 10:58 AM..
| 
Bugzilla
Wiki
Source
Linear Mode
