
Thread: Multi Domain SSL Certs ZCS 8.0.1

  1. #1
    jstopinsek is offline Starter Member

    Hi,

    I want to set up multi-domain SSL on a Single-Server Installation.

    I have the following configuration:

    Zimbra version: 8.0.1.GA.5438.UBUNTU12.64 UBUNTU12_64 NETWORK edition.

    1.1.1.1 -> domain1.com (Base domain)
    1.1.1.2 -> domain2.com
    1.1.1.3 -> domain3.com


    1. Prepared Zimbra Proxy Server:

    zmtlsctl http
    /opt/zimbra/libexec/zmproxyconfig -m -w -e -x both -H `zmhostname`
    zmproxyctl restart


    2. Configured Virtual Hostname and Virtual IP for every domain:

    zmprov md domain1.com +zimbraVirtualHostName mail.domain1.com +zimbraVirtualIPAddress 1.1.1.1
    zmprov md domain2.com +zimbraVirtualHostName mail.domain2.com +zimbraVirtualIPAddress 1.1.1.2
    zmprov md domain3.com +zimbraVirtualHostName mail.domain3.com +zimbraVirtualIPAddress 1.1.1.3


    3. Deployed Certificates for each domain (I have Multidomain Certificates: *.domain1.com, *.domain2.com, *.domain3.com):

    mkdir /opt/zimbra/conf/domaincerts
    cd /opt/zimbra/conf/domaincerts
    zmcertmgr verifycrt comm domain1.key domain1.crt
    zmcertmgr verifycrt comm domain2.key domain2.crt
    zmcertmgr verifycrt comm domain3.key domain3.crt
    /opt/zimbra/libexec/zmdomaincertmgr deploycrts
    /opt/zimbra/libexec/zmdomaincertmgr savecrt domain1.com domain1.crt domain1.key
    /opt/zimbra/libexec/zmdomaincertmgr savecrt domain2.com domain1.crt domain2.key
    /opt/zimbra/libexec/zmdomaincertmgr savecrt domain3.com domain1.crt domain3.key


    4. Configured network:

    auto eth0
    iface eth0 inet static
    address 1.1.1.1
    network 1.1.1.0
    netmask 255.255.255.0
    broadcast 1.1.1.255
    gateway 1.1.1.254

    auto eth0:0
    iface eth0:0 inet static
    address 1.1.1.2
    network 1.1.1.0
    netmask 255.255.255.0
    broadcast 1.1.1.255

    auto eth0:1
    iface eth0:1 inet static
    address 1.1.1.3
    network 1.1.1.0
    netmask 255.255.255.0
    broadcast 1.1.1.255


    5. Configured A-records in public DNS:

    mail.domain1.com. IN A 1.1.1.1
    mail.domain2.com. IN A 1.1.1.2
    mail.domain3.com. IN A 1.1.1.3

    webmail.domain1.com. IN A 1.1.1.1
    webmail.domain2.com. IN A 1.1.1.2
    webmail.domain3.com. IN A 1.1.1.3


    So far it's working OK.

    But when I add Virtual Hostname:

    zmprov md domain1.com +zimbraVirtualHostName webmail.domain1.com

    and I restart proxy, I get:

    zmproxyctl restart
    Stopping nginx...done.
    Starting nginx...failed.
    nginx start failed. reason: The configurations of zimbraVirtualHostname and zimbraVirtualIPAddress are mismatched


    What am I missing here? Any idea why this won't work?

  2. #2
    Raunaq is offline Zimbra Employee

    Hey jstopinsek

    Do domain(1,2,3).com and mail.domain(1,2,3).com point to the same IP? This could be the problem here.

  3. #3
    Klug is offline Moderator

    If your server is behind a firewall, don't forget to set up proper splitDNS for the webmail's URL too.

  4. #4
    tifkat is offline Junior Member

    Originally posted by Klug:
    "If your server is behind a firewall, don't forget to set up proper splitDNS for the webmail's URL too."

    Can Zimbra be used with multiple virtual names and a single virtual ip address?

    Like the original post, I have set up multiple eth0 aliases to serve as the SSL listeners for different domains.

    I have appropriate entries in my /etc/hosts file.

    DNS as seen by the proxy (internal view) resolves all virtual names to the same IP address, and yet I see the same error.

    The description of the error isn't too informative. In what way are they mismatched? Does Zimbra use reverse DNS lookup IP -> FQDN?

    tifkat

  5. #5
    Klug is offline Moderator

    No, it cannot (currently). You need one IP per virtual name.
    If you want to have several virtual names with a different SSL cert for each, you'll have to set up your own reverse-proxy in front of ZCS to deal with it.
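
A pre-flight check for the mismatch discussed in this thread, as an added example that is not part of any post and not Zimbra's own code. It applies the rule inferred from the error message and the answer above (as many virtual IPs as virtual hostnames per domain, no IP shared between domains) and assumes the domain attributes were dumped as `# name <domain>` headers followed by `attribute: value` lines; the function names and sample data are constructed here.

```shell
#!/bin/sh
# Added example: flag virtual-host settings that break the
# "one IP per virtual name" rule stated in this thread.
# Assumed input: "# name <domain>" header, then "attribute: value" lines.

check_vhost_ip() {
    awk '
        function report() {
            # Per-domain rule: hostname count must equal IP count.
            if (domain != "" && hosts != ips)
                printf "MISMATCH %s hostnames=%d ips=%d\n", domain, hosts, ips
        }
        /^# name / { report(); domain = $3; hosts = 0; ips = 0; next }
        /^zimbraVirtualHostName:/ { hosts++ }
        /^zimbraVirtualIPAddress:/ {
            ips++
            # Cross-domain rule: an IP may belong to one domain only.
            if (($2 in owner) && owner[$2] != domain)
                printf "SHARED-IP %s %s %s\n", $2, owner[$2], domain
            else
                owner[$2] = domain
        }
        END { report() }
    '
}

# Constructed sample mirroring the first post after webmail.domain1.com
# was added: domain1.com has two virtual hostnames but one virtual IP.
sample_config() {
    cat <<'EOF'
# name domain1.com
zimbraVirtualHostName: mail.domain1.com
zimbraVirtualHostName: webmail.domain1.com
zimbraVirtualIPAddress: 1.1.1.1

# name domain2.com
zimbraVirtualHostName: mail.domain2.com
zimbraVirtualIPAddress: 1.1.1.2

# name domain3.com
zimbraVirtualHostName: mail.domain3.com
zimbraVirtualIPAddress: 1.1.1.3
EOF
}

sample_config | check_vhost_ip
```

Running the check before `zmproxyctl restart` shows which domain would trip the nginx start failure, instead of finding out from a proxy that no longer starts.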

  6. #6
    tifkat is offline Junior Member

    Originally posted by Klug:
    "No it can not (currently). You need one IP per virtual name.
    If you want to have several virtual names with a different SSL cert for each, you'll have to setup your own reverse-proxy in front of ZCS to deal with it."

    What about 1 SSL cert for 3 virtual names on 1 virtual ip?
