Managing certificates

[andrea.colleoni]

Hi all,
I'm working on a Zimbra Open Source Installation 5.0 RC2 on Ubuntu Dapper Drake.
I've done a fresh OS and zimbra install.
My problem is that I'm not able to change the default certificate to meet my needs; I have to change for example country from US to IT, but more important I have to use aliases to identify my server.
When I create a self signed certificate I can't save it from web admin interface (I get a jetty error); I read a thread on the forum about running zmfixperms: I've done it a nothing changes (can't save).
So I followed the wiki instructions to recreate the certificates and (at the step named "Remove the self-signed root certificate from the cacerts keystore (as zimbra)") I faced the problem of a tampered certificate and nothing based on ssl could work. I reinstalled evrithing and now (I wish for at least one year) it works; I'm asking what will happen when my certificate wil expire?

Can someone help with this?

Thanks in advance.

Andrea.

[andrea.colleoni]

I can't find on my installation the utility zmcreatecert.
I've tried a
> find -name zmcreatecert
from /
No results found. Is it ok?

Andrea.

[andrea.colleoni]

I've found some answers here:
13936-self-signed-cert-manager-fails-5-0ga-foss

I still don't undertand why when certificate install fails all web administration task (based on SSL) cannot be performed anymore. This is not a bug? The operation cannot be rolled back?

Andrea.

[jholder]

Quote:

Originally Posted by andrea.colleoni

I've found some answers here:
13936-self-signed-cert-manager-fails-5-0ga-foss

I still don't undertand why when certificate install fails all web administration task (based on SSL) cannot be performed anymore. This is not a bug? The operation cannot be rolled back?

Andrea.

It's a bug. It will be fixed in 5.0.1 which will be released soon

[BarBaar]

Let me hijack this threat

Just installed zimbra 5.0 on 3 servers:

1. ldap
2. Store/apache/logging
3. mta

Now I try to manage my certificates using the admin-console, but no certificates appear at all. If I want to display the certificates of the ldap/mta server, an error occurs:

Code:

Message: error while proxying request to target server (url=https://zldap.domain.nl:7071/service/admin/soap/GetCertRequest): Connection refused Error code: service.PROXY_ERROR Method: ZmCsfeCommand.prototype.invoke Details:soap:Receiver

Make sense, cause there is nothing running op port 7071 on ldap/mta.

But when I click on the certificates foe the store-server, it takes a while. Firefox even turns grey (not responding for a while) and finally the webpage appears.. but no certificate data is being displayed!

Besides this:
I have read a lot about certificates and zimbra. I guess it is still pretty new in the app. I don't think it is currently possible to change the root (or sub) CA certificate using the admin console. This makes the certificate-import function not so useful. Importing a certificate is nice, but you also have to be able to build the complete certificatechain!. Will this be possible on the next release?