[SOLVED] SSL Cert Import IE/windows broken?

[raj]

Hi..Before 5.0 version we could install the Self Signed SSL cert on client computer by click on View Cert and Install Cert in IE for the Admin console so next time when you visit the Admin link it don’t POPUP the SSL error.

With 5.0 the same is not working anymore..IE goes all the way saying certificate is installed but when we come back the SSL Self signed Cert Error is there again.

Earlier whole certificate chain use to get saved looks like now CA certificate is not getting exported correctly.

Any ideas..i have tried recreating the cert few times ..same problem

Raj

[dwmtractor]

Are you using either IE 7 or (worst of all) Vista? If so, the error is happening because, although you are importing a certificate, you haven't told your machine that you trust the certificate provider...your Zimbra machine has to be added to your root certificate providers store before it'll even recognize your certificate. See these two posts for more details:

ZCS 4.5.10 upgrade to ZCS 5.0.0
http://www.zimbra.com/forums/users/1...html#post72941

Cheers,

Dan

[raj]

ok here are the details..

-------------
Zimbra 4.xx
-------------
On Windows 2000 Server SP4 + IE 6 SP1 we can sucessfully import the Self Signed Cert by just clicking on View Certificate and then Install using IE and it installs it are correct Certificate Authority Store so NEXT time we come that cert is used and POPup Error is gone

-------------
Zimbra 5.01 GA
-------------
On Windows 2000 Server SP4 + IE 6 SP1 the exact same server dont import the cert correctly from 5.0 version. so there is something different how the certs are created in 5.0 ..

I have tried putting the cert manually in all stores for teh sake of it but its not getting validated correcly..looks like CA/key inforamtion in 5.0 cert is not getting exported correctly

Any pointers

Raj

[raj]

here are the links..you can see it yourself

Zimbra 4.x link..you can import the cert and it will work:
https://zimbra1.ocpwebserver.com:7071/zimbraAdmin/

zimbra 5.0 ..try importing and then going back to the link:
https://zimbra12.ocpwebserver.com:7071/zimbraAdmin/

hope someone can give me some insight on this
Thanks
Raj

[raj]

Finally after 10 hours of hit and trial figured out what is needed..still dont know why but it works.

In 4.xx i could download/cert the CERT from the https:// link popup..and it ALSO use to kind of download the CA Cert/Key to certificate trust.

in 5.01 its not doing the same..so i physically downloaded CA.PEM file from
/opt/zimbra/ssl/zimbra/ca/ca.pem and imported it manually to windows machine and now it dont give me self signed cert POPUP

so i dont know why this change in 5.0..may be how Jetty wants to serve the cert is different than Tomcat or something else..any ssl expert has anything on this..

sould be marked as [SOLVED] ..lol
Raj