
Thread: Self-signed cert. created/deployed but can't connect in browser

  1. #1
    Join Date
    Apr 2008
    Location
    Brighton, ON, Canada
    Posts
    89
    Rep Power
    7

    Self-signed cert. created/deployed but can't connect in browser

    Hi

    I have created a self-signed cert as per this wiki page.

    Everything went fine, w/o error but when trying to connect via the browser, it complains that it is unable to connect. No errors given in browser. This is internal so no firewall issues. I have restarted zimbra.

    Am I missing something? Is the url more than just https://<server_ip> ?

    The admin console loads via https just fine. Not sure if this is using same cert.

    Regards,
    Scott
    Last edited by strafford; 11-16-2010 at 07:00 AM.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Quote Originally Posted by strafford View Post
    I have created a self-signed cert as per this wiki page.

    Everything went fine, w/o error but when trying to connect via the browser, it complains that it is unable to connect. No errors given in browser. This is internal so no firewall issues. I have restarted zimbra.
    You should see a warning about the Certificate, try clearing the browser cache and if that doesn't work then delete the old certificate from your browser and try again.

    Quote Originally Posted by strafford View Post
    Am I missing something? Is the url more than just https://<server_ip> ?
    Yes, the format is actually: https://<fqdn.of.yourserver> - you should not be connecting via the IP address.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Apr 2008
    Location
    Brighton, ON, Canada
    Posts
    89
    Rep Power
    7

    Bill

    Thanks for the reply. I cleared out my cache, but no change. Still get:
    Code:
    Unable to connect
    
    Firefox can't establish a connection to the server at <local_ip>
    Quote Originally Posted by phoenix View Post
    You should see a warning about the Certificate, try clearing the browser cache and if that doesn't work then delete the old certificate from your browser and try again.
    There was one there (probably from the admin console access) but no change.

    Quote Originally Posted by phoenix View Post
    Yes, the format is actually: https://<fqdn.of.yourserver> - you should not be connecting via the IP address.
    This is a fake fqdn. I added it to my hosts file but that did not make a difference (I would imagine this would only help get rid of the ssl cert. domain name warnings though I am no expert here).


    One thing to note (not sure if it's relevant) but in Firefox, under the certificate manager, in the 'Servers' tab, there is a set of certs for 'Zimbra Collaboration Suite', and under that are two certs. First one is for fqdn, and local ip w/ port 443, and expires 12/04/2011 (this is strange since this was a new install last week). Second cert is also for fqdn, local ip and port 7071 for the admin console, with expiry of 15/11/2011 (which is correct, since I recreated it yesterday).

  4. #4
    phoenix is offline Zimbra Consultant & Moderator

    Quote Originally Posted by strafford View Post
    Bill

    Thanks for the reply. I cleared out my cache, but no change. Still get:
    Code:
    Unable to connect
    
    Firefox can't establish a connection to the server at <local_ip>

    There was one there (probably from the admin console access) but no change.
    Can you telnet to the server on port 443?


    Quote Originally Posted by strafford View Post
    This is a fake fqdn. I added it to my hosts file but that did not make a difference (I would imagine this would only help get rid of the ssl cert. domain name warnings though I am no expert here).
    You should remove the FQDN from your hosts file and create DNS & A records for the domain and point it to the server.


    Quote Originally Posted by strafford View Post
    One thing to note (not sure if it's relevant) but in Firefox, under the certificate manager, in the 'Servers' tab, there is a set of certs for 'Zimbra Collaboration Suite', and under that are two certs. First one is for fqdn, and local ip w/ port 443, and expires 12/04/2011 (this is strange since this was a new install last week). Second cert is also for fqdn, local ip and port 7071 for the admin console, with expiry of 15/11/2011 (which is correct, since I recreated it yesterday).
    Just remove all of the certificates and then you should get the request to confirm the certificate when you connect.
    Regards


    Bill

  5. #5
    Join Date
    Apr 2008
    Location
    Brighton, ON, Canada
    Posts
    89
    Rep Power
    7

    Sorry, but I meant my windows hosts file. I have properly set up the fake fqdn. It resolves, dnslookup works, etc.

    I did remove the cert., but there was no change.

    -Scott

  6. #6
    Join Date
    Apr 2008
    Location
    Brighton, ON, Canada
    Posts
    89
    Rep Power
    7

    Quote Originally Posted by phoenix View Post
    Can you telnet to the server on port 443?
    I get a 'Connection refused' response.

  7. #7
    phoenix is offline Zimbra Consultant & Moderator

    Quote Originally Posted by strafford View Post
    I get a 'Connection refused' response.
    That would indicate that the service isn't available on that port, things to check: firewall; all zimbra services running; other web server running; etc.? Have a look at the services first and also check the log files for problems.
    Regards


    Bill

  8. #8
    Join Date
    Apr 2008
    Location
    Brighton, ON, Canada
    Posts
    89
    Rep Power
    7

    This is internal, so there shouldn't be any firewall issues. In the admin console, under server status there is a check mark beside each service. This machine only runs the zimbra mail suite.

    I did see this in the log files from this morning, but it doesn't update (appear again in the log) when I attempt to connect via https:
    mailbox.log:2010-11-16 08:08:47,907 WARN [btpool0-12] [] log - javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    mailbox.log:2010-11-16 08:59:06,562 WARN [btpool0-20] [] log - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    mailbox.log:2010-11-16 08:59:11,191 WARN [btpool0-20] [] log - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

  9. #9
    phoenix is offline Zimbra Consultant & Moderator

    Do the services show as running if you run a 'zmcontrol status'? Don't worry about the error messages, I'd expect them if you're using telnet but it should also show a connection prompt.
    Regards


    Bill

  10. #10
    Join Date
    Apr 2008
    Location
    Brighton, ON, Canada
    Posts
    89
    Rep Power
    7

    Yes, when running as zimbra user, they all show as running. Telnet gives no prompt.
    zimbra@mailserv:~$ zmcontrol status
    Host mailserv.<mydomain>
    antispam Running
    antivirus Running
    ldap Running
    logger Running
    mailbox Running
    mta Running
    snmp Running
    spell Running
    stats Running
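
An added example, not part of the original thread: a layered check that separates the cases discussed above, because a 'Connection refused' occurs at TCP, before any certificate is exchanged, so the self-signed cert cannot be its cause. The function name `probe` and the host `mail.example.test` are assumptions; ports 443 and 7071 are the ones mentioned in the thread.

```python
import socket
import ssl


def probe(host, port, timeout=3.0):
    """Return (layer, detail) naming the first layer at which host:port fails."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"name does not resolve: {exc}")
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but nothing is bound to
        # this port. No certificate has been exchanged at this point.
        return ("tcp", "connection refused: no listener on this port")
    except socket.timeout:
        return ("tcp", "timed out: traffic filtered or host down")
    except OSError as exc:
        return ("tcp", f"connect failed: {exc}")
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", f"{tls.version()} established, certificate trusted")
    except ssl.SSLCertVerificationError as exc:
        # Expected for a self-signed certificate until it is trusted locally.
        return ("cert", f"TLS listener present, certificate rejected: {exc.verify_message}")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", f"port is open but the TLS handshake failed: {exc}")
    finally:
        sock.close()


if __name__ == "__main__":
    # Placeholder name (assumption); 443 and 7071 are the ports from the thread.
    for port in (443, 7071):
        print(port, *probe("mail.example.test", port))
```

Only a `cert` result points at the certificate itself; a `tcp` result on 443 means the listener or its port binding is what needs checking on the server.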
