I am running Zimbra 5.0.0 GA on Ubuntu on a single server behind a NAT router. The server's FQDN is of the form myhost.mydomain.com (this is the output of the hostname command, and is the Zimbra server name). However I will use the URL mydomain.com to access the server, which will connect through the router (this is the Zimbra domain).

The self-signed SSL certificate that was generated by Zimbra is for myhost.mydomain.com rather than mydomain.com. I am trying to run zmcertmgr gencsr in order to create a certificate with a CN of mydomain.com, but it is ignoring the subject parameter that I am passing to it. Here is the command I am using:
sudo /opt/zimbra/bin/zmcertmgr gencsr self -new "/C=US/ST=MyStateName/L=MyCityName/O=MyName/CN=mydomain.com"
However it simply re-creates the certificate with an organization name of "Zimbra Collaboration Suite", a state and location of "N/A", and a CN of myhost.mydomain.com.

I have tried the following procedure:
  • completely deleting everything in /opt/zimbra/ssl
  • deleting zimbraCertAuthorityCertSelfSigned and zimbraCertAuthorityKeySelfSigned in LDAP
  • hard-coding my desired values in /opt/zimbra/conf/zmssl.cnf.in
  • using the hostname command to temporarily change the FQDN of the server to the domain name alone
  • creating the certificate authority with zmcertmgr createca
  • deploying the certificate authority with zmcertmgr deployca
  • generating the certificate request with the command shown earlier
  • restarting Zimbra

...but the generated certificate still contains the wrong parameters.

In a separate issue, the "Configuration > Servers" and "Tools > Certificates" sections in the administrative UI do not seem to be working at all for me either, even after a clean re-install of Zimbra 5.0.0 GA, so I can't see any settings in there. FYI, here is what I am getting when I try to click them (substituting myhost.mydomain.com where appropriate):
Message: system failure: exception during auth {RemoteManager: myhost.mydomain.com->zimbra@myhost.mydomain.com:22} Error code: service.FAILURE Method: ZmCsfeCommand.prototype.invoke Details:soap:Receiver