Results 1 to 5 of 5

Thread: Managing certificates

  1. #1
    andrea.colleoni is offline Junior Member
    Join Date
    Dec 2007
    Posts
    5
    Rep Power
    7

    Default Managing certificates

    Hi all,
    I'm working on a Zimbra Open Source Installation 5.0 RC2 on Ubuntu Dapper Drake.
    I've done a fresh OS and zimbra install.
    My problem is that I'm not able to change the default certificate to meet my needs; I have to change for example country from US to IT, but more important I have to use aliases to identify my server.
    When I create a self signed certificate I can't save it from web admin interface (I get a jetty error); I read a thread on the forum about running zmfixperms: I've done it a nothing changes (can't save).
    So I followed the wiki instructions to recreate the certificates and (at the step named "Remove the self-signed root certificate from the cacerts keystore (as zimbra)") I faced the problem of a tampered certificate and nothing based on ssl could work. I reinstalled evrithing and now (I wish for at least one year) it works; I'm asking what will happen when my certificate wil expire?

    Can someone help with this?

    Thanks in advance.

    Andrea.

  2. #2
    andrea.colleoni is offline Junior Member
    Join Date
    Dec 2007
    Posts
    5
    Rep Power
    7

    Default By the way...

    I can't find on my installation the utility zmcreatecert.
    I've tried a
    > find -name zmcreatecert
    from /
    No results found. Is it ok?

    Andrea.

  3. #3
    andrea.colleoni is offline Junior Member
    Join Date
    Dec 2007
    Posts
    5
    Rep Power
    7

    Default Some things to try...

    I've found some answers here:
    13936-self-signed-cert-manager-fails-5-0ga-foss

    I still don't undertand why when certificate install fails all web administration task (based on SSL) cannot be performed anymore. This is not a bug? The operation cannot be rolled back?

    Andrea.

  4. #4
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Quote Originally Posted by andrea.colleoni View Post
    I've found some answers here:
    13936-self-signed-cert-manager-fails-5-0ga-foss

    I still don't undertand why when certificate install fails all web administration task (based on SSL) cannot be performed anymore. This is not a bug? The operation cannot be rolled back?

    Andrea.
    It's a bug. It will be fixed in 5.0.1 which will be released soon

  5. #5
    BarBaar is offline Active Member
    Join Date
    Dec 2007
    Posts
    36
    Rep Power
    7

    Default

    Let me hijack this threat

    Just installed zimbra 5.0 on 3 servers:

    1. ldap
    2. Store/apache/logging
    3. mta

    Now I try to manage my certificates using the admin-console, but no certificates appear at all. If I want to display the certificates of the ldap/mta server, an error occurs:
    Code:
    Message: error while proxying request to target server (url=https://zldap.domain.nl:7071/service/admin/soap/GetCertRequest): Connection refused Error code: service.PROXY_ERROR Method: ZmCsfeCommand.prototype.invoke Details:soap:Receiver
    Make sense, cause there is nothing running op port 7071 on ldap/mta.

    But when I click on the certificates foe the store-server, it takes a while. Firefox even turns grey (not responding for a while) and finally the webpage appears.. but no certificate data is being displayed!

    Besides this:
    I have read a lot about certificates and zimbra. I guess it is still pretty new in the app. I don't think it is currently possible to change the root (or sub) CA certificate using the admin console. This makes the certificate-import function not so useful. Importing a certificate is nice, but you also have to be able to build the complete certificatechain!. Will this be possible on the next release?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Installing existing SSL certificates (solved)
    By inigoml in forum Administrators
    Replies: 22
    Last Post: 02-24-2009, 10:32 AM
  2. Replies: 1
    Last Post: 11-05-2007, 06:55 PM
  3. Commercial Certificates for slapd
    By trunet in forum Administrators
    Replies: 2
    Last Post: 10-09-2007, 05:24 AM
  4. Re-create certificates
    By demanl in forum Administrators
    Replies: 4
    Last Post: 05-23-2006, 06:59 AM
  5. Upgrading and certificates
    By kennyfordham in forum Installation
    Replies: 1
    Last Post: 11-19-2005, 11:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •