Results 1 to 2 of 2

Thread: zmcertctl ignores "subject"

  1. #1
    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    5

    Default zmcertctl ignores "subject"

    Hi,

    After searching the forum for a great answer... I've found nothing, so I decided to post.

    My configuration is quite simple: One Ubuntu 8.04 Server with ZCS 6.0.4 (64bit).
    Code:
    zimbra@hl-zcs:~$ zmcontrol -v
    Release 6.0.4_GA_2038.UBUNTU8_64 UBUNTU8_64 FOSS edition.
    I would like to change the generic "Zimbra Collaboration Suite" certificates for my own self signed certificate. To do so, I've followed the procedure found on the wiki. Everything ran perfectly, but the result is disapointing.

    Here are the command and result:
    Code:
    root@hl-zcs:~# /opt/zimbra/bin/zmcertmgr createcrt -new -days 1825 -subject "/C=FR/ST=Alsace/L=XXXXXX/O=Hopital de XXXXXX/O=Service Informatique/CN=*.hl-XXXXXX.fr"
    Validation days: 1825
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100112170309
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100112170309
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    
    
    root@hl-zcs:~# /opt/zimbra/bin/zmcertmgr createcrt -new -days 1825 -subjectAltNames "mail.hl-XXXXXX.fr,hl-zcs.hlXXXXXX.local"
    Validation days: 1825
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100112170410
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100112170410
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    
    
    root@hl-zcs:~# /opt/zimbra/bin/zmcertmgr deploycrt self -allserver
    ** Saving global config key zimbraSSLCertificate...done.
    ** Saving global config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    
    
    root@hl-zcs:~# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
    ::service mta::
    notBefore=Jan 12 16:04:14 2010 GMT
    notAfter=Jan 11 16:04:14 2015 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
    SubjectAltName= hl-zcs.hlXXXXXX.local, mail.hl-XXXXXX.fr
    ::service proxy::
    notBefore=Jan 12 16:04:14 2010 GMT
    notAfter=Jan 11 16:04:14 2015 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
    SubjectAltName= hl-zcs.hlXXXXXX.local, mail.hl-XXXXXX.fr
    ::service mailboxd::
    notBefore=Jan 12 16:04:14 2010 GMT
    notAfter=Jan 11 16:04:14 2015 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
    SubjectAltName= hl-zcs.hlXXXXXX.local, mail.hl-XXXXXX.fr
    ::service ldap::
    notBefore=Jan 12 16:04:14 2010 GMT
    notAfter=Jan 11 16:04:14 2015 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=hl-zcs.hlXXXXXX.local
    SubjectAltName= hl-zcs.hlXXXXXX.local, mail.hl-XXXXXX.fr
    As you can read, "subject" and "issuer" are not exactly what we can expect as a good result!!!

    Any good idea is welcome!!!

    Best regards,
    Bob

  2. #2
    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    5

    Default

    Hi,

    It seems that no one is able to help me...

    To be sure this issue is not related to my installation, I've build a VM with a fresh new Ubuntu 8.04 LTS Server with only ZCS 6.04 (all is 64 bits).

    And I can confirme this is an issue every one can easyly experiment.

    Am I alone?

    Thanks for your help

    Best Regards,
    Bob

Similar Threads

  1. Replies: 0
    Last Post: 09-08-2009, 08:34 AM
  2. zmcertmgr gencsr ignores subject parameter
    By dpward in forum Administrators
    Replies: 3
    Last Post: 08-12-2009, 03:48 PM
  3. spamassassin not learn, zmtrainsa ignores junked mail
    By lukefilewalker in forum Administrators
    Replies: 0
    Last Post: 11-20-2006, 09:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •