Results 1 to 4 of 4

Thread: [SOLVED] How to install a new certificate for diferents domains

  1. #1
    Join Date
    Sep 2009
    Posts
    7
    Rep Power
    6

    Default [SOLVED] How to install a new certificate for diferents domains

    Hello, I installed a ZCS 6 server named s-darwin.mydomain.com one year ago. From the installation Ive had problems with my ssl certificates when I access from Outlook or when I access to my webmail (https://webmail.mydomain.com) from IE (not from Firefox because we import the certificate).
    Ive read a lot of documentation about this issue and I think the thing is we have a certificate installed for s-darwin.mydomain.com and Im trying to connect to diferent domains like for example webmail.mydomain.com or pop.mydomain.com.
    Yesterday I tried to install a new certificate and I had a great number of problems. Finally, at night I had to restore my ZCS Server from a backup because its a producction server but Id like to know how could I solve my certificate issue.
    The steps I followed were:

    1.- Following this link I installed the new certificate:

    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr createcrt -new -days 10950 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=s-darwin.saferain.com"
    /opt/zimbra/bin/zmcertmgr createcrt -new -days 10950 -subjectAltNames "mail.saferain.com,pop.saferain.com,webmail.safera in.com"
    /opt/zimbra/bin/zmcertmgr deploycrt self -allserver
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt

    2.- It looked run succesfully but when I restarted ZCS I found this error on ldap service:

    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.

    and ZCS didnt start succesfully ...

    3.- I tried to reinstall the certificate a lot of times but I never restored my server. I tried with these commands:
    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
    /opt/zimbra/bin/zmcertmgr deploycrt self
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt

    ... and the error didnt disapear ... I even tried to restore the original certificates I previously backed up but nothing was solved ...

    My question is: how could I install a new certificate for my s-darin.mydomain.com ZCS server that lets me to access diferents domains like webmail.mydomain.com, pop.mydomain.com, smtp.mydomain.com ...

    I would be very grateful if someone could help me.
    Thanks for your time.

    Miguel A. Velasco
    IT Manager

  2. #2
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    If I understand your question correctly, you need a certificate that supports Subject Alternate Name (SAN), also known as a Unified Communications Certificate (UCC).

    You also may want to vote for Bug 8128 - multiple SSL certificates on one server
    Last edited by uxbod; 05-13-2010 at 06:15 AM. Reason: made URI http so will show description

  3. #3
    Join Date
    Sep 2009
    Posts
    7
    Rep Power
    6

    Default

    Thanks ewilen for your reply.
    Ive voted for it.

    Miguel A. Velasco

  4. #4
    Join Date
    Oct 2009
    Posts
    6
    Rep Power
    6

    Default

    This is certainly not beautiful, but I made the necessary changes to the file zmcertmgr and got me right certificate

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Replies: 4
    Last Post: 09-28-2009, 07:45 PM
  3. Problem with install RapidSSL Certificate
    By MrSnaKe in forum Administrators
    Replies: 2
    Last Post: 09-17-2009, 02:00 AM
  4. [SOLVED] Can't install SSL123 certificate
    By MacTI in forum Installation
    Replies: 2
    Last Post: 09-16-2008, 07:08 PM
  5. [SOLVED] How to install certificate wizard?
    By salu in forum Installation
    Replies: 1
    Last Post: 06-17-2008, 11:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •