I have configured our server to use certificatebased authentication as explained in docs/certauth.txt - and has been working fine, until today when i upgraded to 7.1.2...
we have the standard "setup" as described in the txt file
we're using NeedClientAuth and have the server mode set to "redirect"
usually you browse to
server.com, and it redirects you to https://server.com, then redirects to https://server.com:9443/certauth, the ssl negotiation happens, then you are redirected back to https://server.com/zimbra/?ignoreLoginURL=1 and you're in your mailbox.
Now, since the upgrade... when it redirects you to the certauth port... the ssl handshaking completes, but the it doesnt redirect back to the normal https port when it changes the url to /zimbra/?ignoreLoginURL=1
so, we get the addressbar showing https://server.com:9443/zimbra/?ignoreLoginURL=1 with an error message in the browser:
HTTP ERROR: 403
Problem accessing /zimbra/. Reason:
requested resource is not allowed on this port
Powered by Jetty://
If at this stage, you remove everything after https://server.com, it will log you in to your mail.
It seems like something is broken at the port redirect stage.
Does anyone have any clues or ideas where i may look for more info on this?
I doesnt seem to log anything useful anywhere.