[SOLVED] The issuer of this certificate could not be found.

[vinzenz]

hi

to unterstand when a certificate is valid:
you have a number of predefined certificate authorities (verisign for example) already included in firefox.
to get a valid certificate for your server, one of them has to sign it. when a client connects to your server, he gets the certificate and can verify the signature and thereby its issuer. if that issuer is trusted, the server can be trusted, and the client can initiate a secure channel using the public key included in the certificate.

now if you do not want to pay for a commercial certificate, you can create your own certificate authority. then you create a certificate signed by yourself. therefore zimbra fills the "issued by" field with your server name and "Zimbra Collaboration Suite".
that is what zimbra does by default.

if you want this self-signed certificate to be trusted by a client, it has to import your certificate authority (ca.crt) as trusted authority.

do you have a faculty certificate signed by a third-party (like your university or verisign etc.)?
then you have to replace the self-signed with this certificate.

when i open your server page (webmail.etf.unsa.ba), i see the self-signed certificate. furthermore it is issued to "igman.etf.unsa.ba", which will result in a warning ("wrong site"). the certificate is only valid for this name!
afaik, you cannot use multiple dns names with one certificate.

hope i could help

[aldm]

It seems there is some problem with certificate in mekeystore (j2me key store).
I need this certificate for j2me application.

I tried to access gmail.com over https from java midlet.
I exported Firefox certificate from gmail.com, and import it
into mekeystore (key store for j2me certificates), but I stll
got an error "Certificate site name isn't correct" (it is google.com).

I also tried to create certificates with same attributes (CN, O, OU...) like
this using Tomcat (I have istalled tomcat) keytool, but again with
no luck...

P.S.: I didn't understand your last post well...

[vinzenz]

how else should i explain it?
you should not import certificates from sites directly!

you should only import the certificate authorities.
once you have imported a ca, every certificate issued by this ca will be trusted by your application.

and of course you have to use the same dns name included in the certificate. the idea of a certificate is to verfiy that you are connecting to exactly this server!
just as your identity card is only valid for the name printed on it. if you want to use a different name, you need a different identity card. otherwise it would make no sense.

so, if you want to run zimbra with the self-signed certificate, import the corresponding certificate authority from zimbra into mekeystore. and use the correct dns name to connect to the server.

here is wikipedia article about pki, if you want to read in detail what i tried to explain: Public key infrastructure - Wikipedia, the free encyclopedia

[aldm]

Hi,
I'm sorry I didn't write anything for while, I forgot on this topic
Anyway, I read already about public key infrastructure etc.
I found solution for my problem without using certificates.

So dude, thank you very much