#1
05-07-2009, 05:19 AM
Active Member
Posts: 28
[SOLVED] Multiserver Install & Commercial SSL

Hello,

This is my first real Zimbra install (had a few test installs), and so far everything has gone exceedingly well. However, I am trying to deploy some commercial SSL certificates, and I seem to be stuck.

To start, I am running 2 Zimbra servers, one MTA, Proxy, and SNMP. The other box is running everything except MTA and Proxy. I am also relatively new to SSL (ok, very new). In the past someone else has taken care of that for me, but with some recent staff changes I am left to my own devices for this.

I have read through several forum posts, and a few wiki articles, and none of them seem to address my issue at a level that actually helps me. When I generate the CSR for my MTA server, I am specifying the internal FQDN of the server as the CN (so mta01.domain1.com), and then specifying several additional hostnames as subjectAltName (mail.domain2.com, webmail.domain2.com, imap.domain2.com, etc). There are actually 2 domains at play here, as the servers are hosted at the parent company's site, so the FQDN is for the parent company. There are also DNS CNAMEs that point webmail.domain2.com to mta01.domain1.com. Eventually this server will host mail for other domains as well.

After CSR generation, I view the current CSR to make sure that everything is fine. Everything checks out, so I proceed to GoDaddy for cert generation (server type other). I get the cert imported using zmcertmgr, and again everything goes swimmingly. However, when I browse to the webmail.domain2.com address, I get a certificate error. Viewing the certificate, I see that the cert is valid for mta01.domain1.com and www.mat01.domain1.com (which was not included in my subjectAltName list).

I did find one thread that seemed to be addressing this issue, but it was a little over my head. So at this point I am stumped.

Has anyone seen this before? I am certain that this is something that I am doing wrong, but I can't quite figure out what it is. I am hoping to deploy all of this this coming weekend, and I would love to have valid certificates in place for deployment. Any help or insight would be greatly appreciated.
#2
05-07-2009, 01:33 PM
Active Member
Posts: 28

Well so I figured it out, and I knew it was something silly I was doing. I purchased the wrong type of cert ... I needed a multidomain cert. There goes a couple of hundred bucks I'll probably never get back again ...
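
The mismatch described in this thread can be caught before deployment by comparing the names requested in the CSR with the names in the issued certificate, and by checking each client-facing hostname against the issued names. The following is an added example, not part of the original posts: the function names are hypothetical, and the name lists are typed in from the thread (the names behind "etc" are omitted), to be replaced with the names read from your own CSR and certificate.

```python
"""Added example: audit requested vs. issued certificate names."""

def _norm(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.strip().rstrip(".").lower()

def name_matches(pattern, host):
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the whole left-most label, covers exactly
    one label, and is refused directly under a top-level domain.
    """
    p, h = _norm(pattern).split("."), _norm(host).split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(requested, issued, client_hosts):
    """requested: CN + subjectAltName entries put in the CSR.
    issued: names listed in the certificate the CA returned.
    client_hosts: hostnames users and mail clients will connect to."""
    req = {_norm(n) for n in requested}
    iss = {_norm(n) for n in issued}
    return {
        "dropped_by_ca": sorted(req - iss),
        "added_by_ca": sorted(iss - req),
        "uncovered_hosts": sorted(
            _norm(h) for h in client_hosts
            if not any(name_matches(n, h) for n in iss)
        ),
    }

# Names as written in the thread (constructed lists, not read from a real cert).
REQUESTED = ["mta01.domain1.com", "mail.domain2.com",
             "webmail.domain2.com", "imap.domain2.com"]
ISSUED = ["mta01.domain1.com", "www.mat01.domain1.com"]
CLIENT_HOSTS = ["webmail.domain2.com", "mta01.domain1.com"]

if __name__ == "__main__":
    for key, names in audit(REQUESTED, ISSUED, CLIENT_HOSTS).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Any entry under `dropped_by_ca` means the certificate product did not honour the requested subjectAltName list, which is the situation the second post describes.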