Results 1 to 3 of 3

Thread: Untrusted Server Certificate Chain

  1. #1
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default Untrusted Server Certificate Chain

    Message: Csfe service error
    Error code: service.PROXY_ERROR
    Method: ZmCsfeCommand.invoke
    Details:error while proxying request to target server (url=https://mailz.fbs.it:7071/service/admin/soap/): java.security.cert.CertificateException: Untrusted Server Certificate Chain

    scenario: zimbra multiserver: 1 master with all services, the otehr with mta and mbox
    i get this error when i logon into second store as admin, when i logon into master i get no error message
    i haven't changed anything (hostname, etc) during last days, i have installed license previous week in either master server and in second store (i have a master zimbra and a second store)

    i found this on wiki
    SSL Certificate Problems - ZimbraWiki
    i wonder if i should apply all what i read there
    i have installed Release 4.5.6_GA_1044.RHEL5_20070706163724 CentOS5 on August, so ssl cert are not so old
    i have installed 4.5.6_GA on master and in second store, either, on August
    TIA
    Maurizio
    Last edited by maumar; 10-09-2007 at 07:22 AM.

  2. #2
    Join Date
    Jun 2007
    Location
    Oregon
    Posts
    51
    Rep Power
    8

    Default

    What order did you build (or rebuild) the certificates and/or servers in? It is possible that you have an error with the Certificate Authority (CA) certificates like I have.


    I have a MTA server, and a LDAP/MAILSTORE server. I had to rebuild the certs on the MAILSTORE, which included the CA certs. But because the MTA has the old root certificate, I am now getting that error. I know I have to replace it on the MTA and re-sign the server certificate. However, all of the documentation I have found is mailstore based. Everything wants me to recreate a new CA on the MTA and install it.

    I do see where you can make sure that, at least, the LDAP has the correct information.

    From the SSL Certificate documentation you have already linked to:

    * To update CA cert stored in LDAP (as zimbra):

    Code:
    zmprov -l mcf zimbraCertAuthorityKeySelfSigned "`cat /opt/zimbra/ssl/ssl/ca/ca.key`"
    zmprov -l mcf zimbraCertAuthorityCertSelfSigned "`cat /opt/zimbra/ssl/ssl/ca/ca.pem`"

    * You can see your updated certs in LDAP now and compare them to contents of /opt/zimbra/ssl/ssl/ca (as zimbra)

    Code:
    zmprov -l gcf zimbraCertAuthorityKeySelfSigned 
    zmprov -l gcf zimbraCertAuthorityCertSelfSigned

    You should do those last two commands on both machines. That way you can see if your problem is the Cert Authority

    If not, then we have more information to help you track down your problem.

  3. #3
    Join Date
    Mar 2008
    Posts
    29
    Rep Power
    7

    Default

    I have the same problem. But the problem happen on the second mailbox store.
    In the admin console, each time i click in mailbox store 2, i receive the following error:
    Message: Csfe service error
    Error code: service.PROXY_ERROR
    Method: ZmCsfeCommand.invoke
    Details:error while proxying request to target server (url=https://serv2.abc.com:7071/service/admin/soap/): java.security.cert.CertificateException: Untrusted Server Certificate Chain

    I have checked CA as your guiding, everything is ok but the error still appear.

Similar Threads

  1. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 01:42 AM
  2. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 08:46 PM
  3. Untrusted Server Certificate Chain Error
    By fmodola in forum Administrators
    Replies: 3
    Last Post: 05-14-2007, 04:39 AM
  4. Replies: 4
    Last Post: 01-07-2007, 04:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •