Zimbra 6.0.10 OSE
Because of the fact that Outlook always asks for the "unsecure" ssl certificate I now would install the ca certificate of zimbra to my desktop.
So at first I recreate the server certificate of zimbra (Zimbra Admin UI).
Tools -> certificate
I set "self signed" certificate valid for 3650 days (10 years).
This works perfectly.
In "/opt/zimbra/ssl/zimbra/" is everything I need.
In the "server" folder I found the "server.crt" file.
I checked it with:
I can see that the certificate is valid from "2011" to "2021".
openssl x509 -in server.crt -noout -text
I also have tested the chain:
But my problem is now:
openssl verify -CAfile ca.pem /opt/zimbra/ssl/zimbra/server/server.crt
The Zimbra ca certificate is only valid from December 2010 to December 2011 (one year).
openssl x509 -in ca.pem -noout -text
If the ca certificate is invalid also my server certificate is invalid.
Why does does zimbra sign an 10 year server zertificate with an 1 year ca certificate?
Is it possible to change this? I have only found "zmzertmgr createca [-new]".