This is my first real zimbra install (had a few test installs), and so far everything has gone exceedingly well. However, I am trying to deploy some commercial SSL certificates, and I seem to be stuck.
To start, I am running 2 zimbra servers, one MTA, Proxy, and SNMP. The other box is running everything except MTA and Proxy. I am also relatively new to SSL (ok, very new). In the past someone else has taken care of that for me, but with some recent staff changes I am left to my own devices for this.
I have read through several forums posts, and a few wiki articles, and none of them seem to address my issue at a level that actually helps me. When I generate the CSR for my MTA server, I am specifying the internal FQDN of the server as the CN (so mta01.domain1.com), and then specifying several additional hostnames as subjectAltName (mail.domain2.com, webmail.domain2.com, imap.domain2.com, etc). There are actually 2 domains at play here, as the servers are hosted at the parent companies site, so the FQDN is for the parent company. There are also DNS CNAMES that point webmail.domain2.com to mta01.domain1.com. Eventually this server will be host mail for other domains as well.
After CSR generation, I view the current CSR to make sure that everything is fine. Everything checks out, so I proceed to godaddy for cert generation (server type other). I get the cert imported using zmcertmgr, and again everything goes swimmingly. However, when I browse to the webmail.domain2.com address, I get a certificate error. Viewing the certificate, I see that the cert is valid for mta01.domain1.com and www.mat01.domain1.com (which was not included in my subjectAltName list).
I did find one thread that seemed to be addressing this issue, but it was a little over my head. So at this point I am stumped.
Has anyone seen this before? I am certain that this is something that I am doing wrong, but I can't quite figure out what it is. I am hoping to deploy all of this this coming weekend, and I would love to have valid certificates in place for deployment. Any help or insight would be greatly appreciated.