Hello,
I have this setup :
mbox.grampet.com - mbox/store zimbra server with imap, smtp, mta, etc
mx.grampet.com - Zimbra proxy ONLY ( imap, pop3, smtp, http - proxy mode redirect )
The mbox server has an internal ip address and it's accessed only by the proxy server.
I installed on the proxy server ( mx ) my commercial certificates issued by Verisign.
When i go to
https://mx.grampet.com with any browser, everything works fine.
When i try to setup an account with zimbra desktop, it gives me the following error :
Code:
Invalid or untrusted server SSL certificate (details)
mx.grampet.com presented a certificate that cannot be verified.
Certificate Issued To
Common Name (CN) mx.grampet.com
Organization Unit (OU) Terms of use at www.verisign.com/rpa (c)05
Organization (O) Grampet
Serial Number 1006542A05EA3CC5003E75B57645505C
Certificate Issued By
Common Name (CN) VeriSign Class 3 Secure Server CA - G3
Organization Unit (OU) Terms of use at https://www.verisign.com/rpa (c)10
Organization (O) "VeriSign
Certificate Validity
Issued On Tue Jun 14 03:00:00 EEST 2011
Expires On Tue Jun 13 02:59:59 EEST 2017
Certificate Fingerprints
SHA1 Fingerprint CB203ADDF624CAB9D58049A33F4C7713634DAE8C
MD5 Fingerprint E2E4782F68C17FF0ABD86369941F0E2C
Accepting this certificate poses potential security threats to your data
Display error details
com.zimbra.common.soap.SoapFaultException: d2:CN14:mx.grampet.com1:O7:Grampet2:OU42:Terms of use at www.verisign.com/rpa (c)056:accept4:true5:alias47:mx.grampet.com:1006542A05EA3CC5003E75B57645505C4:fromi1308009600000e4:host14:mx.grampet.com3:icn38:VeriSign Class 3 Secure Server CA - G32:io9:"VeriSign3:iou50:Terms of use at https://www.verisign.com/rpa (c)103:md532:E2E4782F68C17FF0ABD86369941F0E2C8:mismatch5:false1:s32:1006542A05EA3CC5003E75B57645505C4:sha140:CB203ADDF624CAB9D58049A33F4C7713634DAE8C2:toi1497311999000ee ExceptionId:com.zimbra.common.service.RemoteServiceException: d2:CN14:mx.grampet.com1:O7:Grampet2:OU42:Terms of use at www.verisign.com/rpa (c)056:accept4:true5:alias47:mx.grampet.com:1006542A05EA3CC5003E75B57645505C4:fromi1308009600000e4:host14:mx.grampet.com3:icn38:VeriSign Class 3 Secure Server CA - G32:io9:"VeriSign3:iou50:Terms of use at https://www.verisign.com/rpa (c)103:md532:E2E4782F68C17FF0ABD86369941F0E2C8:mismatch5:false1:s32:1006542A05EA3CC5003E75B57645505C4:sha140:CB203ADDF624CAB9D58049A33F4C7713634DAE8C2:toi1497311999000ee ExceptionId:btpool0-19:1323082592188:b79f4479e497c387 Code:remote.SSLCERT_ERROR at com.zimbra.common.service.RemoteServiceException.SSLCERT_ERROR(RemoteServiceException.java:88) at com.zimbra.common.service.RemoteServiceException.doSSLFailures(RemoteServiceException.java:168) at com.zimbra.cs.zclient.ZMailbox.invoke(ZMailbox.java:568) at com.zimbra.cs.zclient.ZMailbox.invoke(ZMailbox.java:555) at com.zimbra.cs.zclient.ZMailbox.invokeJaxb(ZMailbox.java:550) at com.zimbra.cs.zclient.ZMailbox.authByPassword(ZMailbox.java:496) at com.zimbra.cs.zclient.ZMailbox.(ZMailbox.java:411) at com.zimbra.cs.zclient.ZMailbox.getMailbox(ZMailbox.java:348) at com.zimbra.cs.account.offline.OfflineProvisioning.newZMailbox(OfflineProvisioning.java:248) at com.zimbra.cs.account.offline.OfflineProvisioning.newZMailbox(OfflineProvisioning.java:240) at com.zimbra.cs.account.offline.OfflineProvisioning.createSyncAccount(OfflineProvisioning.java:564) at com.zimbra.cs.account.offline.OfflineProvisioning.createAccount(OfflineProvisioning.java:537) at com.zimbra.cs.service.admin.CreateAccount.handle(CreateAccount.java:64) at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:412) at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:287) at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:158) at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:294) at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:215) at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:208) at javax.servlet.http.HttpServlet.service(HttpServlet.java:814) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:543) at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:946) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410) at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451) Caused by: java.security.cert.CertificateException: d2:CN14:mx.grampet.com1:O7:Grampet2:OU42:Terms of use at www.verisign.com/rpa (c)056:accept4:true5:alias47:mx.grampet.com:1006542A05EA3CC5003E75B57645505C4:fromi1308009600000e4:host14:mx.grampet.com3:icn38:VeriSign Class 3 Secure Server CA - G32:io9:"VeriSign3:iou50:Terms of use at https://www.verisign.com/rpa (c)103:md532:E2E4782F68C17FF0ABD86369941F0E2C8:mismatch5:false1:s32:1006542A05EA3CC5003E75B57645505C4:sha140:CB203ADDF624CAB9D58049A33F4C7713634DAE8C2:toi1497311999000ee at com.zimbra.common.net.CustomTrustManager.checkServerTrusted(CustomTrustManager.java:90) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1027) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123) at com.zimbra.common.net.CustomSSLSocket.startHandshake(CustomSSLSocket.java:90) at com.zimbra.common.net.CustomSSLSocket.getInputStream(CustomSSLSocket.java:341) at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:745) at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361) at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:243) at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:164) at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:407) at com.zimbra.cs.zclient.ZMailbox.invoke(ZMailbox.java:561) ... 37 more Code:remote.SSLCERT_ERROR at com.zimbra.common.soap.Soap12Protocol.soapFault(Soap12Protocol.java:88) at com.zimbra.common.soap.SoapTransport.extractBodyElement(SoapTransport.java:354) at com.zimbra.common.soap.SoapTransport.parseSoapResponse(SoapTransport.java:313) at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:260) at com.zimbra.common.soap.SoapHttpTransport.invoke(SoapHttpTransport.java:164) at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:407) at com.zimbra.common.soap.SoapTransport.invoke(SoapTransport.java:370) at com.zimbra.cs.account.soap.SoapProvisioning.invoke(SoapProvisioning.java:326) at com.zimbra.cs.account.soap.SoapProvisioning.createAccount(SoapProvisioning.java:469) at com.zimbra.cs.offline.jsp.JspProvStub.createOfflineAccount(JspProvStub.java:94) at com.zimbra.cs.offline.jsp.ZmailBean.doRequest(ZmailBean.java:103) at com.zimbra.cs.offline.jsp.FormBean.doRequest(FormBean.java:150) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstFunction.getValue(AstFunction.java:127) at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:206) at org.apache.jasper.runtime.PageContextImpl.evaluateExpression(PageContextImpl.java:1001) at org.apache.jsp.desktop.accsetup_jsp._jspx_meth_c_when_6(Unknown Source) at org.apache.jsp.desktop.accsetup_jsp._jspx_meth_c_choose_0(Unknown Source) at org.apache.jsp.desktop.accsetup_jsp._jspService(Unknown Source) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109) at javax.servlet.http.HttpServlet.service(HttpServlet.java:814) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380) at javax.servlet.http.HttpServlet.service(HttpServlet.java:814) at com.zimbra.webClient.servlet.JspServlet.service(JspServlet.java:64) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166) at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:79) at com.zimbra.webClient.filters.SetHeaderFilter.doFilter(SetHeaderFilter.java:239) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:218) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:422) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.handler.rewrite.RewriteHandler.handle(RewriteHandler.java:230) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:543) at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:946) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:405) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410) at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
What can i do ?
Please help, it's very urgent.
Bugzilla
Wiki
Source
Problem with Commercial SSL Certs 
Linear Mode
