| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | 
10-13-2011, 08:48 AM
| | |  Self signed certificates and browsers
Hello,
I am continuing with the Zimbra installation, counting the days until I can decommission my old Exchange server. I have now everything working pretty well except importing the self signed certificates in IE8 or Chrome.
On the browser, once I get the security warning Iīve gone ahead and installed the certificate which matches the URL I am using to access the web client. The installation ends saying the installation was successful, however after trying it 10 times it doesnīt appear under any of the certificate stores I have placed it in. I have also tried downloading it first and then installing it. Same result. Of course, this is not working either in Outlook 2007. I get there the same security warning.
However, strangely enough under de MMC snap-in, I do see the self-signed certificate. Donīt understand why I can see it there, but I cannot see it through the browsers. And why if it is installed, I keep getting the security warnings.
By the way I am on Win7 and also XP.
Thanks in advance!
GP  |
10-13-2011, 12:18 PM
| | Special Member | |
Posts: 138
| |
You got me curious so I thought I'd do some checks myself.
I am running Zimbra 7.1.2 OSE on Ubuntu 10.04.3 LTS using self-signed certificates at the moment.
Mozilla Firefox 7.0.1, 32-bit (on Windows 7, 64-bit) - It accepted the cert and did not ask for it again (works). I can find it under Options --> Advanced --> Encryption --> View Certificates --> Servers tab --> Zimbra Collaboration Suite
They are listed for both the client and admin locations as well as my domain-level access and server name due to how I accessed them via the address bar.
MS Internet Explorer 9.0, 32-bit (on Windows 7, 64-bit) - It does not accept the certificate but it does allow me to access the site. At no point does it allow me to "accept" the certificate and be happy. It barks about it each time I initially access the site. And since it does not accept the certificate as being valid, it will not show up in the "view certificates" section.
LHammonds
Last edited by LHammonds; 10-13-2011 at 12:27 PM..
|
10-13-2011, 12:44 PM
| | |
Hi LHammonds,
Thank you for your reply. I know Firefox has always been more forgiving with self-signed certificates, unfortunately we do not support Firefox in our organization.
However, I have to mention that I am able to access the site, and like you I have IE and Google giving out warnings about the unsafe certificate. My aim is to remove these warnings. In the past I have used self-signed certificates with these browsers and I canīt remember having these problems.
GP |
10-13-2011, 12:53 PM
| | |
This works for us on IE as well as Outlook: Free/Busy Information in Outlook - Zimbra :: Wiki
Doug
__________________
Ben Franklin quote:
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
|
10-13-2011, 01:35 PM
| | |
Doug, wow, that worked!
Thanks a lot.
GP |
10-13-2011, 04:42 PM
| | |
Hello again,
BTW, this worked on Win7, but it is not working for WinXP.
GP |
10-14-2011, 02:36 AM
| | |
This works fine with all of our Windows XP installs, which is quite a few.
Doug
__________________
Ben Franklin quote:
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
|
10-14-2011, 06:45 AM
| | Special Member | |
Posts: 138
| |
Quote:
Originally Posted by lytledd  | Thanks Doug for the info / link. I've included this bit of info in my own documentation. EDIT: Actually, the Zimbra wiki article is only good for one or two computers in a non-domain environment. If you have a Windows Active Directory domain, it is MUCH easier to just add the certificate to Group Policy and all your connected machines magically accept the certificate...no messing around with each PC. Again, this is just for the self-signed certs...if you are using this in production, it is recommended to get a commercial cert and these steps are not necessary.
Here is how I did it on my Windows 2003 domain for my Zimbra test server: - On the domain controller, open Active Directory Users and Computers
- Right-click on your domain and select Properties
- Select the Group Policy tab
- Select the Default Domain Policy and click the Edit button
- Expand Computer Configuration --> Windows Settings --> Security Settings --> Public Key Policies
- Right-click on Trusted Root Certification Authorities and click Import
- Import Wizard - Click Next
- Type the path to the cacert.der from your Zimbra server or click Browse (if you browse, you will need to change the file type to All Files in order to see the certificate file) and then click Next
- Select Place all certificates in the following store --> Trusted Root Certification Authorities and click Next, Finish
- The import was successful - Click OK
- You should now see your mail server domain in the list. Example: mail.mydomain.com
- Close Group Policy Object Editor and any other windows you opened
Any Windows machine on your domain should now be able to open Internet Explorer and visit your SSL-enabled mail server without IE complaining...same with Outlook usage.
LHammonds
Last edited by LHammonds; 10-14-2011 at 12:43 PM..
| | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
