Results 1 to 3 of 3

Thread: [SOLVED] External IMAP account with self signed cert?

  1. #1
    dragon2611 is offline Member
    Join Date
    Aug 2008
    Posts
    11
    Rep Power
    6

    Default [SOLVED] External IMAP account with self signed cert?

    Hi All,

    Can anyone tell me how to force zimbra to accept an Self-signed certificate for adding an external IMAP account that uses SSL?


    I think that might be the reason it's refusing to connect to the external mailserver.

  2. #2
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    Set zmlocalconfig -e 'data_source_trust_self_signed_certs=true' (will allow/remove error message)

    ZD has ssl_allow_accept_untrusted_certs true by default which warns & prompts for accept. I fought for a similar attribute in ZCS data_source_trust_certs_override_allowed (either true from the start or even just possible since most would like a tiny warning rather than wide open or blocked case for self-signed & expired < which is also just either blocked or not even for commercial) but wasn't implemented, if you'd like to add your thoughts here: Bug 35441 - external data sources with self-signed/expired certs no longer work

    The per cert method:
    Get the cert.
    $ openssl s_client -host secure.server.com -port 993
    Paste the cert into a file and load it into cacerts. Be sure to set perms and ownership on cacerts keystore file. (as zimbra)
    $ keytool -import -file /tmp/secure.server.com.crt -alias secure.server.com -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    $ zmmailboxdctl restart

  3. #3
    dragon2611 is offline Member
    Join Date
    Aug 2008
    Posts
    11
    Rep Power
    6

    Default

    Ah thanks for that,

    Have added my thoughts to that bug, the error message zimbra returns is unacceptable in my opinion as it makes about as much sense as a chocloate fireguard and just leads to confusion

    It's even more of a problem as it's a user facing dialogue displaying the error.

    The message doesn't even fit in the box it was trying to display it in.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  2. Exchange as an External account
    By asrag in forum General Questions
    Replies: 2
    Last Post: 04-10-2008, 08:43 AM
  3. IMAP problem after added external account
    By Thanakorn in forum Administrators
    Replies: 5
    Last Post: 02-21-2008, 10:50 AM
  4. Replies: 9
    Last Post: 01-31-2008, 10:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •