I've been looking all over on the documentation for my SSL Certificate problems, and I think I am 90% of the way there, but I have a few other items I would like clarification on before I break our production servers.

We have two servers, the LDAP/MAILSTORE box, and an MTA. Somehow, their server certificates ended up being signed by two different certificate authorities. The documentation I've read all start that I need to re-create the CA on the MTA, but I'd rather just use the one already in place on the LDAP server.

  • What am I missing?
  • Does the zmcreateca command copy the current CA from the LDAP box and it is just not stated anywhere?
  • Are they supposed to have different CA's for one reason or another?
  • How do I adjust the steps in the links below to change only the MTA's server certificate?

SSL Certificate Problems - Zimbra :: Wiki
CLI zmcreatecert and zmcertinstall (for a certificate) - Zimbra :: Wiki