Hi
I need some information about how Zimbra manages self-signed certificates.
I have found the following:
Source (?):
/opt/zimbra/ssl/zimbra/ca
/opt/zimbra/ssl/zimbra/server
/opt/zimbra/ssl/zimbra/commercial (uninteresting, we use self signed ones)
Destination (?):
/opt/zimbra/conf/ca
/opt/zimbra/conf/slapd.crt
/opt/zimbra/conf/smtpd.crt
/opt/zimbra/conf/nginx.crt
"slapd.crt", "smtpd.crt" and "nginx.crt" are the same file (copied).
The source of these certificates seems to be "/opt/zimbra/ssl/zimbra/server/server.crt".
"/opt/zimbra/conf/ca/ca.pem" is the same file as "/opt/zimbra/ssl/zimbra/ca/ca.pem".
It seems to me:
All self-signed certificates are created in "/opt/zimbra/ssl/zimbra/" and copied to the conf directory ("/opt/zimbra/conf/").
1) How does Zimbra use/control these certificates?
2) What does Zimbra do if a certificate expires? (Auto recreate?)
3) On master/slave systems, "/opt/zimbra/conf/ca/ca.pem" has to be the same file on every node. Otherwise the TLS LDAP connection fails.
How does Zimbra manage this if the certificates expire?
4) The CA certificate is only valid for one year. Is it possible to set this time higher? Is it possible to change the key size and hash algorithms? Is there a config file?
5) Why does Zimbra give me the possibility in the admin web UI to set the time for the server certificate to 10 years but only create a CA certificate that is valid for one year? If the CA expires, the server certificate is also invalid.
yogg
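
Added example, not part of the original post and not Zimbra's own tooling: a shell check of the observations above (the conf/ files being copies of the ssl/zimbra/ files, and the CA expiring before the server certificate), using the file paths listed in the post. The function names and the 30-day warning threshold are assumptions, and the `openssl` command line tool is required.

```shell
#!/bin/sh
# Added example. Paths come from the post; function names and the default
# 30-day threshold are assumptions. Requires the openssl CLI.

# SHA-256 fingerprint of the certificate in $1 (empty if unreadable).
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Exit 0 if $1 and $2 hold the same certificate.
same_cert() {
    fp_a=$(fingerprint "$1"); fp_b=$(fingerprint "$2")
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Exit 0 if the certificate in $1 expires within $2 days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Compare the conf/ copies with their sources and warn about upcoming expiry.
# $1 = Zimbra base directory, $2 = warning threshold in days.
# Exit 0 only if every copy matches and nothing expires within the threshold.
audit_zimbra_certs() {
    base=${1:-/opt/zimbra}; days=${2:-30}; rc=0
    server=$base/ssl/zimbra/server/server.crt
    for name in slapd.crt smtpd.crt nginx.crt; do
        same_cert "$server" "$base/conf/$name" ||
            { echo "DIFF conf/$name differs from server.crt or is unreadable"; rc=1; }
    done
    same_cert "$base/ssl/zimbra/ca/ca.pem" "$base/conf/ca/ca.pem" ||
        { echo "DIFF conf/ca/ca.pem differs from ssl/zimbra/ca/ca.pem or is unreadable"; rc=1; }
    for cert in "$base/conf/ca/ca.pem" "$server"; do
        [ -r "$cert" ] || continue
        echo "$cert: $(openssl x509 -in "$cert" -noout -enddate)"
        if expires_within "$cert" "$days"; then
            echo "WARN $cert expires within $days days"; rc=1
        fi
    done
    return "$rc"
}

# Run against the live installation only when it exists on this host.
if [ -d /opt/zimbra/conf ]; then
    audit_zimbra_certs /opt/zimbra 30 || true
fi
```

Running the same check on each node of a master/slave setup and comparing the output of `fingerprint` for conf/ca/ca.pem shows whether all nodes hold the same CA file.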