Hi,

i'm trying to get a usable form of ca certificate from my zimbra installation, still to no avail.

i read lot in the forums and in the wiki about the topic and, like other did, i found out that the certificates generated with version 5 miss the path to the root certification authority, something that's creating a lot of issues in my network.

I had to recreate the self signed certificates lately with the Admin web gui, everything went along fine, all certificates have been created, renewed and applied.
In my network i install certificates on all PCs via the Windows Active Directory Domain Policies. The previous Zimbra certificates have been created in version 4.5, so i could extract easily the root certificate, export it and install it via group policy.
This isn't possible with the new certificates, therefore i tried to figure out a way to do it.

Unfortunately all trials to install the ca.pem (or any export of it, even a pkcs12 created with the help of the ca.key file) under /opt/zimbra/ssl/zimbra/ca in the Trusted Root Certificate Authorities of the User certificates made Internet Explorer complain (Cannot display the Web Page): as soon as i remove the installed ca certificate IE starts to work again, although with the pesky security warning.
Nor IE neither Windows are very helpful in indicating why on earth the browser refuses to load the web page, with no verbose motivation on the page or on any log file.... it looks like it thinks that the ca certificate isn't valid for the certificate loaded from the server.

Considering this is causing annoying issues, among which the free/busy calendar check under Outlook, is there a way to do it in the proper way??

Thanks in advance to anyone helping out.


Alberto