Help needed to regenerate SLL cert

**liverpoolfcfan** · 02-02-2010, 02:53 PM

I have installed 6.0.4 FOSS on Centos 5.3

When installing I named the server zimbra.domain.ctry, and it generated an ssl cert based on that name.

However, our public email hostname is mail.domain.ctry - so the name of the cert does not match, and briefcase documents are not accessible externally.

I have since set the ZimbraPublicServiceHostname and ZimbraPublicServiceProtocol to the appropriate values so that briefcase works correctly. However, I would also like to set the SSL cert straightened out.

I have tried to generate a new SSL cert both through the Admin GUI, and with the CLI tool, but no matter what I do I keep getting a cert with the Subject zimbra.domain.ctry

It ignores the O, and OU settings I input, and ignores the AlternativeSubjects I specify too.

The articles I have been able to find on the wiki all refer to 4.5 and 5.0 - so has something changed in 6.0 ?

Can anyone walk me through the steps I need to take as I am obviously missing something.

Thanks

**phoenix** · 02-02-2010, 11:05 PM

Why don't you just change the server name with ZmSetServerName to the new name you require?

**uxbod** · 02-02-2010, 11:12 PM

Additionally if your internal server name is different to how it is seen externally your emails may get tagged as SPAM.

**liverpoolfcfan** · 02-03-2010, 01:47 AM

To date I have never had an issue with the server name being different from the external name - with zimbra or either of our previous email servers.

However, if the best way forward is to rename the server, I am willing to do so.

I am confused though as to how this will solve my current problem - which is that I cannot get a new ssl cert generated with any name other than zimbra.company.ctry

Is the ssl cert generation looking at the hostname somewhere under the covers, and ignoring what I type ?

If it is not, I am going to be in an even more screwed up state - where everything internally and externally points to mail.domain.ctry - but the ssl cert is different from that.

**liverpoolfcfan** · 02-04-2010, 02:22 PM

I finally got this to work. But, I still have some questions/observations.

I followed the WIKI article Administration Console and CLI Certificate Tools - Zimbra :: Wiki

I followed the example "Single-Node Self-Signed Certificate"

It seems to me that there is a step missing between Generating an new CA, and generating a certificate signed by it. Unless I ran the command

Code:

zmcertmgr deployca

I could not get any of my custom changes in the CA to take. Is this correct ?

Secondly it appears to me that the command

Code:

createcsr (self|comm) [-new] [-subject subject] [-subjectAltNames "host1,host2"] 

Note: Angle brackets changed to parentheses for display purposes
The angle brackets caused the parameter to disappear from the post ?

is asking for one required parameter, self or comm, and up to 3 optional parameters. Am I misunderstanding what the (self|comm) means ?

I found that if I included the "self" parameter my command failed, and did nothing. Removing it allowed me to generate a certificate signing request.

I would appreciate your feedback.

Zimbra

Thread: Help needed to regenerate SLL cert

LinkBack

Thread Tools

Search Thread

Display

Help needed to regenerate SLL cert

Thread Information

Users Browsing this Thread

Similar Threads

Installing rapidssl certs: with rootca and chained cert

Upgrade Self Signed Cert to Commercial Cert (godaddy)

[SOLVED] Tomcat ignoring new SSL cert?

Issue sharing Address Books with Tomcat Commercial Cert SSL

Posting Permissions