Results 1 to 2 of 2

Thread: zmprov certificate chain trust

  1. #1
    dseven is offline Junior Member
    Join Date
    Jan 2007
    Posts
    6
    Rep Power
    8

    Default zmprov certificate chain trust

    I feel really stupid having to ask this question, but I've spent too long beating my head against this brick-wall

    I've installed the 4.5.0 VMware (beta, I guess) trial thingy, and I'm trying to replace the self-signed SSL server certificate with one issued by my own CA.

    I've created a Java keystore that contains the private key and certificate chain (alias=tomcat, passwords=zimbra), and dropped that in place of /opt/zimbra/tomcat/conf/keystore (also dropped a copy at /opt/zimbra/ssl/ssl/commercial.keystore incase that matters), and I've imported the CA certs into /opt/zimbra/java/jre/lib/security/cacerts

    Using 'openssl s_client -connect myserver:7071", I see the correct CA chain, and clients connecting to services do too.

    I cannot for the life of me, though, get zmprov to trust this new cert chain - it won't do anything other than complain:

    Code:
    ERROR: zclient.IO_ERROR (invoke java.security.cert.CertificateException: Untrusted Server Certificate Chain, server: localhost) (cause: javax.net.ssl.SSLHandshakeException java.security.cert.CertificateException: Untrusted Server Certificate Chain)
    I've read the wiki pages and the forum posts, and tried everything I can think of, but nothing is making zmprov happy.

    Can anyone tell me:

    1) What does zmprov connect to? I'm guessing port 7071 - can anyone confirm / correct?

    2) What does zmprov use as its "trust store" when verifying the SSL server cert of whatever it's connecting to?

    3) What am I missing???



    ~D..

  2. #2
    dseven is offline Junior Member
    Join Date
    Jan 2007
    Posts
    6
    Rep Power
    8

    Default

    For the record, I tried this again this morning. I did the same thing that I'm sure I tried many times last week, and today it decided to work just fine. I have no idea what I did differently - I don't think anything, so I've decided to blame last week's problems on solar flares.

    ~D..

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Untrusted Server Certificate Chain Error
    By fmodola in forum Administrators
    Replies: 3
    Last Post: 05-14-2007, 03:39 AM
  2. Replies: 9
    Last Post: 04-14-2007, 08:31 AM
  3. Replies: 4
    Last Post: 01-07-2007, 04:15 PM
  4. Replies: 1
    Last Post: 11-15-2006, 04:29 PM
  5. Certificate problem following 3.1.0 -> 4.0 upgrade
    By simonellistonball in forum Migration
    Replies: 5
    Last Post: 09-26-2006, 01:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •