I manage a zimbra install for a small university. We have been running zimbra for about 3 years now for our students who get addresses of "firstname.lastname@example.org". We are finally moving toward a single signon solution and are building a full student domain (which probably means I'll be asking about external auth in about a month). In order to make things less confusing, we want to give the student domain the same name we have been using for student email addresses, "subdomain".
This means, however, that we had to build out a new server, "subdomain" with the same hostname as our current zimbra server. As this was going to break webmail for our users, I set up a virtual host under a new name, "newwebmail", and put a redirect on the domain controller to send legacy users to the new webmail page. As a result, I had to disable ssl for zimbra webmail as there were certificate mismatch errors.
MX records still point to zimbra properly for "subdomain.domain.tld", but there are technically now two servers with the same hostname. We are functional, but I want to get encryption working again for webmail. What is the best way to go about doing this?
Is it possible to change the hostname of the zimbra server without screwing up the domains it is receiving mail for? Would it be a better idea to leave things sort of broken and generate a ssl certificate with only the vhost's name? If so, how do I go about generating an ssl csr for a hostname that is different from the one zimbra is configured for? zmcertmgr seems to only generate a csr for "subdomain.domain.tld", not "newwebmail.domain.tld".
Any advice would be greatly appreciated.