Results 1 to 4 of 4

Thread: Multiple hostnames & Multiple SSL certificates

  1. #1
    krag is offline Junior Member
    Join Date
    Feb 2008
    Posts
    5
    Rep Power
    7

    Default Multiple hostnames & Multiple SSL certificates

    Hi,

    This is kind of a two part question but they are related:

    I'm running Zimbra 5.0.5 GA Network Edition (trial)

    1. I'm running a failover cluster with two nodes using DRBD. I want to use a "service name" for zimbra, so zimbra.example.com so that the config will work on both boxes. However, during the install I don't get the option to set a hostname and it uses the FQDN of the box, so server1.example.com. Is there a way to change the zimbra hostname so that it's not the same as the actual server hostname?


    2. I need to use a commercial SSL certificate for zimbra.example.com. Again, when I try and run the certification wizard it generates a CSR for server1.example.com. I've looked at the wiki article on multiple certificates but don't understand whether than involves running a totally seperate apache instance, or changing the configuration of zimbra's apache? Either way I don't really need multiple certs, just one for the service/cluster name not the actual box names.


    Hope that all makes sense!

    Many Thanks,
    Craig.

  2. #2
    brian is offline Project Contributor
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    Craig,

    Thanks for the questions. For the first question there is a place during the install to change the hostname, in fact this is exactly what the instructions say to do. Please take a closer look at the single node (1+1) cluster install guide for a step by step.

    The recommendation for question 2 would be to use the subject altnames to accomplish what you are trying to do. With the current setup ZCS uses a single cert for multiple purposes, including jetty (webmail), ldap, postfix and proxy services. Although in most cases the public facing web access can use the cluster service name, many of the underlying process require the specific hostname for secure interprocess communication.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  3. #3
    krag is offline Junior Member
    Join Date
    Feb 2008
    Posts
    5
    Rep Power
    7

    Default

    Thanks Brian, I'll take a closer look at both of your suggesions.


    Thanks for the quick reply.

  4. #4
    tiarra is offline Senior Member
    Join Date
    Apr 2009
    Posts
    70
    Rep Power
    6

    Question

    We also have multiple MB's on cluster and have installed cert only on one MB forr the cluster name.

    But when i check the cert from console all other servers except the above mentioned MB have a different expiry earlier than the MB.
    What will happen when the expiry for the MB cert is not reached while for the others it is already over.
    Kindly suggest

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 0
    Last Post: 01-15-2008, 01:33 PM
  2. Replies: 1
    Last Post: 09-07-2007, 05:46 AM
  3. Multiple Domains w/ SSL
    By msf004 in forum Installation
    Replies: 2
    Last Post: 07-30-2007, 10:48 AM
  4. SSL and multiple mail server aliases
    By altimage in forum Installation
    Replies: 3
    Last Post: 12-11-2005, 04:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •