1st, I hope I have posted this in the right spot...
Ok.. Heres the deal... I am successfully creating a SSL Certificate using Zimbra. But, when attempting to access the site, or email, I get the popup about my certificate not matching the server.. blah, blah, blah...
Anyways, I have attempted a numerous amount of times to correct this.
THIS IS AN EXAMPLE DNS...
The hostname of the server is: intelsolutions.net
The mail server is: mail.intelsolutions.net
Server is a CentOS5 platform w/ Zimbra 5 Suite
Certificate is showing just "intelsolutions.net" when it needs to say "mail.intelsolutions.net". So I have edited the zmssl.cnf file to attempt to accomplish this. I have c/p the output of my POLICY and REQ:
(For those attempting to use this as a fix, this is only a partial copy of my zmssl.cnf)
GNU nano 1.3.12
File: /opt/zimbra/conf/zmssl.cnf
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = supplied
stateOrProvinceName = supplied
organizationName = supplied
organizationalUnitName = supplied
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = supplied
stateOrProvinceName = supplied
localityName = optional
organizationName = supplied
organizationalUnitName = supplied
commonName = supplied
emailAddress = optional
################################################## ##################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr
req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = Oklahoma (full name)
stateOrProvinceName_default = N/A
localityName = Washington (eg, city)
localityName_default = N/A
0.organizationName = Intel Solutions (eg, company)
0.organizationName_default = N/A
# we can do this but it is not needed normally :-)
#1.organizationName = Intel Solutions (eg, company)
#1.organizationName_default = Intel Solutions
organizationalUnitName = Intel Solutions (eg, section)
organizationalUnitName_default = Intel Solutions
0.commonName_default = mail.intelsolutions.net
0.commonName_max = 64
1.commonName_default = mail.chillingout.com
1.commonName_max = 64
2.commonName_default = mail.thecloset.net
2.commonName_max = 64
emailAddress =
services@intelsolutions.net
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
-------------------------------------
Now, why in the world would it not take my REQ statements to create the certificate ?? zmssl.cnf and zmssl.cnf.in are both showing this, but the certificate still persists to create with the hostname of the actual server and not with what I need in the certificate.
Any ideas on what this noob is doing wrong ??
Thanks in advance !
Bugzilla
Wiki
Source
Zimbra SSL certificate problem 
Linear Mode
