I have 3 I-Phone users that used to be able to connect to our old Dovecott IMAP using a cert issued by tinyCA. I set up Zimbra as a commercial CA and signed the csr using our internal tinCA set-up (our root CA is imported into all our windows clients).
The i-phones will not use the CA at all (HTTPS IMAP(S) or SMTP over SSL)
All the windows clients have no problems.
I do not want to go to a self signed cert that is not part of our internal CA
can anyone help me with one or more of the following:-
I have my CA.pem from tinyCA what needs to be in the CA.key file so I can self sign in zimbra against our existing CA
Importing (not generating) a self signed CA into zimbra
Adding my CA into the i-phone
The i-phones were OK with a self signed cert on dovecot
The phone fails all ssl communications
The phone is OK if you remove ssl (ie IMAP(S) to IMAP)
Other clients are OK with the cert (firefox outlook IE)
My ZCS is 5.0.4 GA Release (open source)
The server logs show a good SSL connection but nothing else for the i-phones