I am running a system behind a router.
The system has a 192.168.10.x address.
I'm trying to set up a certificate that won't break Zimbra's LDAP server, yet will be accepted by outside web users.

I have a registered domain where myname.us is set to my WAN address.
machine.myname.us equals the local address of the machine.

If I set a certificate to anything but machine.myname.us, Zimbra's LDAP server breaks down.
I have tried both from the command line (Ajcody-Notes-SSLCerts - Zimbra :: Wiki) and from the admin page. If the admin page has a cert that is anything but the machine name, I get errors like:
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key) pair.

I'm using https://www.cacert.org for signed certificates.

The wildcard checkbox in the Zimbra admin page does nothing.
If I use *.myname.us, LDAP breaks.
If I use myname.us, and a Subject Alternative Name of machine.myname.us, LDAP breaks.
If I use machine.myname.us and a SAN of myname.us, LDAP survives, but users get a certificate machine.myname.us that mismatches myname.us -- the SAN information seems to get lost.
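
Added example, not part of the original post: a shell diagnostic for the two symptoms described above. It checks whether a certificate belongs to a given private key, and whether a SAN present in the request is still present in the issued certificate. The file names and the locally signed sample are constructed for illustration and assume the `openssl` CLI, version 1.1.1 or later; the sample says nothing about how CAcert or Zimbra handle requests.

```shell
#!/bin/sh
# Added example. Requires the openssl CLI, 1.1.1 or later (for -addext).

# SHA-256 of the public key inside a certificate, CSR or private key.
pub_fp() {  # $1 = cert|csr|key, $2 = PEM file
  case "$1" in
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    key)  openssl pkey -in "$2" -pubout ;;
  esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True when the certificate was issued for this private key.
cert_matches_key() { [ "$(pub_fp cert "$1")" = "$(pub_fp key "$2")" ]; }

# True when the DNS name is listed in the subjectAltName of a cert or CSR.
has_san() {  # $1 = cert|csr, $2 = PEM file, $3 = DNS name
  case "$1" in
    cert) openssl x509 -in "$2" -noout -text ;;
    csr)  openssl req  -in "$2" -noout -text ;;
  esac | tr ',' '\n' | tr -d ' \t' | grep -Fqx "DNS:$3"
}

# Constructed samples: a key, a CSR carrying a SAN, a cert and an unrelated key.
make_samples() {  # $1 = empty directory
  openssl req -newkey rsa:2048 -nodes -keyout "$1/machine.key" -out "$1/machine.csr" \
    -subj "/CN=machine.myname.us" -addext "subjectAltName=DNS:myname.us" 2>/dev/null
  # Signed without copying the request's extensions, so the SAN is not carried over.
  openssl x509 -req -in "$1/machine.csr" -signkey "$1/machine.key" -days 1 \
    -out "$1/machine.crt" 2>/dev/null
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/other.key" 2>/dev/null
}

d=$(mktemp -d) && make_samples "$d"
for k in machine.key other.key; do
  cert_matches_key "$d/machine.crt" "$d/$k" \
    && echo "$k: matches machine.crt" || echo "$k: does NOT match machine.crt"
done
has_san csr  "$d/machine.csr" myname.us && echo "CSR has SAN" || echo "CSR lacks SAN"
has_san cert "$d/machine.crt" myname.us && echo "cert has SAN" || echo "cert lacks SAN"
```

Run against the real CSR, issued certificate and key, the same three functions show whether the SAN was dropped before or after signing and whether the installed key is the one the certificate was issued for.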