Hi
My System:
Debian 5
Zimbra 6.0.10 OSE
Because of the fact that Outlook always asks for the "unsecure" ssl certificate I now would install the ca certificate of zimbra to my desktop.
So at first I recreate the server certificate of zimbra (Zimbra Admin UI).
Tools -> certificate
I set "self signed" certificate valid for 3650 days (10 years).
This works perfectly.
In "/opt/zimbra/ssl/zimbra/" is everything I need.
In the "server" folder I found the "server.crt" file.
I checked it with:
Code:
cd /opt/zimbra/ssl/zimbra/server/
openssl x509 -in server.crt -noout -text
I can see that the certificate is valid from "2011" to "2021".
I also have tested the chain:
Code:
cd /opt/zimbra/ssl/zimbra/ca
openssl verify -CAfile ca.pem /opt/zimbra/ssl/zimbra/server/server.crt
/opt/zimbra/ssl/zimbra/server/server.crt: OK
But my problem is now:
Code:
cd /opt/zimbra/ssl/zimbra/ca
openssl x509 -in ca.pem -noout -text
The Zimbra ca certificate is only valid from December 2010 to December 2011 (one year).
If the ca certificate is invalid also my server certificate is invalid.
Why does does zimbra sign an 10 year server zertificate with an 1 year ca certificate?
Is it possible to change this? I have only found "zmzertmgr createca [-new]".
yogg
Bugzilla
Wiki
Source
Zimbra self signed zertificates 
Linear Mode
