Thread: Self signed CA

  1. #1

    Hello,

    So, I have the problem that I can't create a self-signed cert with the admin GUI.
    It was a problem with version 5.0 GA, and later, after the update to 5.0.1, it was
    the same problem. Anyway ... is there a way to create a new self-signed cert with
    zmcertmgr from the console? I want to create a cert that shows my location,
    not US etc. The second problem is that when a connection is started here, a warning
    appears that the cert is only for my hostname magic.port-x.de, not for the IP
    of this host, 212.21.69.101. This is the second mistake.

    So, for that I want to create a new cert for "ALL Server" to solve this problem.

    Thanks for the help ...
    Best regards
    Mario Roeber

  2. #2

    Did you try zmcertmgr? Must be run as root:
    [root@holder-test bin]# ./zmcertmgr
    Usage:
    ./zmcertmgr -help
    ./zmcertmgr createca [-new]
    ./zmcertmgr deployca
    ./zmcertmgr createcsr <self|comm> [-new] [subject] [-subjectAltNames "host1,host2"]
    ./zmcertmgr deploycrt <self> [-new] [validation_days]
    ./zmcertmgr deploycrt <comm> [certfile] [ca_chain_file]
    ./zmcertmgr viewcsr <self|comm> [csr_file]
    ./zmcertmgr viewdeployedcrt [all|ldap|mta|proxy|mailboxd]
    ./zmcertmgr viewstagedcrt <self|comm> [certfile]
    ./zmcertmgr verifycrt <self|comm> [priv_key] [certfile]
    ./zmcertmgr verifycrtchain <ca_file> <certfile>
    ./zmcertmgr migrate

    Comments:
    - Default <certfile>
    self-signed /opt/zimbra/ssl/zimbra/server/server.crt
    commerical /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    - Default <priv_key>
    self-signed /opt/zimbra/ssl/zimbra/server/server.key
    commercial /opt/zimbra/ssl/zimbra/commercial/commercial.key
    - Default <subject>
    "/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=dogfood.zimbra.com"
    - Default <validation_days> is 365.
    - Default <csr_file> is
    - deploycrt self installs the certificates using self signed csr in /opt/zimbra/ssl/zimbra/server
    - deploycrt comm installs the certificates using commercially signed certificate in /opt/zimbra/ssl/zimbra/commercial
    - verifycrt <self|comm> compares openssl md5 [priv_key] and [certfile].
    - migrate moves certs/keys from ZCS installs prior to version 5.0.x

  3. #3

    5.0.0_GA and 5.0.1_GA self signed ssl policy defaults require the Locale/State/Country values to match the ca. The default ssl configuration file in 5.0.2_GA lifts this restriction.

    I don't understand your second question about the hostname not matching the ip address? Which ZCS component is complaining about the mismatch? Please post the exact error so we can better identify the source of the problem.

  4. #4

    The problem with the current cert is that if you make a connection, you get every time
    the information that the cert matches magic.port-x.de, not 212.21.69.101,
    and then comes the warning that maybe someone sits in the middle.

    Oh .. my English ... but OK .. I hope you understand ...

    Of course a self-signed cert is not verified by a commercial service,
    but the IP and alias should together match the same cert.

    Bye, Mario
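
Added example, not part of any post in this thread: the warning described above appears because a client compares the address it connected to against the certificate's subjectAltName entries, and an IP address only matches an IP entry. The script uses plain openssl (1.1.1 or later, an assumption) rather than zmcertmgr, with a constructed subject, to build one certificate carrying only the DNS name and one carrying the DNS name plus the IP, then checks both against the hostname and IP from the thread.

```shell
#!/usr/bin/env bash
# Added example: plain openssl (1.1.1+ for -addext), not zmcertmgr.
# Hostname and IP are the ones quoted in the thread; the subject is constructed.
SUBJ='/C=DE/O=Example Org/CN=magic.port-x.de'

# make_cert DIR SAN: write DIR/server.key and DIR/server.crt, self-signed,
# valid for 365 days, carrying the given subjectAltName value.
make_cert() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "$SUBJ" -addext "subjectAltName=$2" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Succeed only if the certificate is valid for the given DNS name.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeed only if the certificate is valid for the given IP address.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# report CERT: print the SAN list and what a client would accept.
report() {
    openssl x509 -in "$1" -noout -ext subjectAltName
    cert_matches_host "$1" magic.port-x.de \
        && echo "  hostname: match" || echo "  hostname: MISMATCH"
    cert_matches_ip "$1" 212.21.69.101 \
        && echo "  ip: match" || echo "  ip: MISMATCH (client shows a warning)"
}

# Build both variants in a scratch directory and compare them.
demo() {
    tmp=$(mktemp -d) || return 1
    make_cert "$tmp/dns-only" 'DNS:magic.port-x.de' || return 1
    make_cert "$tmp/dns-and-ip" 'DNS:magic.port-x.de,IP:212.21.69.101' || return 1
    report "$tmp/dns-only/server.crt"
    report "$tmp/dns-and-ip/server.crt"
    rm -rf "$tmp"
}
demo
```

Whether zmcertmgr's -subjectAltNames option accepts IP entries is not stated in the thread; `openssl x509 -noout -text` on the deployed certificate shows which entries it actually contains.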
