[SOLVED] How to install a new certificate for diferents domains

[miguel.a.velasco]

Hello, I installed a ZCS 6 server named s-darwin.mydomain.com one year ago. From the installation I´ve had problems with my ssl certificates when I access from Outlook or when I access to my webmail (https://webmail.mydomain.com) from IE (not from Firefox because we import the certificate).
I´ve read a lot of documentation about this issue and I think the thing is we have a certificate installed for s-darwin.mydomain.com and I´m trying to connect to diferent domains like for example webmail.mydomain.com or pop.mydomain.com.
Yesterday I tried to install a new certificate and I had a great number of problems. Finally, at night I had to restore my ZCS Server from a backup because it´s a producction server but I´d like to know how could I solve my certificate issue.
The steps I followed were:

1º.- Following this link I installed the new certificate:

/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr createcrt -new -days 10950 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=s-darwin.saferain.com"
/opt/zimbra/bin/zmcertmgr createcrt -new -days 10950 -subjectAltNames "mail.saferain.com,pop.saferain.com,webmail.safera in.com"
/opt/zimbra/bin/zmcertmgr deploycrt self -allserver
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

2º.- It looked run succesfully but when I restarted ZCS I found this error on ldap service:

Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.

and ZCS didn´t start succesfully ...

3º.- I tried to reinstall the certificate a lot of times but I never restored my server. I tried with these commands:
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365
/opt/zimbra/bin/zmcertmgr deploycrt self
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

... and the error didn´t disapear ... I even tried to restore the original certificates I previously backed up but nothing was solved ...

My question is: how could I install a new certificate for my s-darin.mydomain.com ZCS server that lets me to access diferents domains like webmail.mydomain.com, pop.mydomain.com, smtp.mydomain.com ...

I would be very grateful if someone could help me.
Thanks for your time.

Miguel A. Velasco
IT Manager

[ewilen]

If I understand your question correctly, you need a certificate that supports Subject Alternate Name (SAN), also known as a Unified Communications Certificate (UCC).

You also may want to vote for Bug 8128 - multiple SSL certificates on one server

[miguel.a.velasco]

Thanks ewilen for your reply.
I´ve voted for it.

Miguel A. Velasco

[vpp66]

This is certainly not beautiful, but I made the necessary changes to the file zmcertmgr and got me right certificate