today I had strange problem with ssl. I was trying to deploy commercial ssl certificate from thawte. System's openssl verify was succesfull but zimbra's openssl verify ended with error. See below.
mail:~/w/a# openssl verify -CAfile ca-bundle.cert mail.crt
mail:~/w/a# /opt/zimbra/openssl/bin/openssl verify -CAfile ca-bundle.cert mail.crt
mail.crt: /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
error 2 at 2 depth lookup:unable to get issuer certificate
I was not sure what is the problem with zimbra's openssl and needed to deploy certificate quickly so I workarounded it by:
mv /opt/zimbra/openssl/bin/openssl /opt/zimbra/openssl/bin/openssl.zimbra
ln -s /usr/bin/openssl /opt/zimbra/openssl/bin/openssl
With this workaround I was able to verify and deploy certificate. Do you have idea what is wrong with zimbra's openssl?