I'm trialling 7.1.3 NE to determine if it will meet my needs.
My intention is to implement a server for hosting multiple customer domains. Each customer domain will have it's own ssl certificate covering multiple virtual hostnames (public, webmail, mobile etc.). For security reasons, all http must be redirected to https. Similarly imap to imaps, pop3 to pop3s.
Following various forum & wiki posts I've managed to get a commercial domain certificate installed using the cli commands. The certificate is for multiple hostnames on the same domain using subject alt names, with the intention of validating the public service hostname and a few virtual domains. FWIW, the server and the domain of the commercial certificate do not share the same ip address.
As it currently stands, the commercial certificate is correctly presented when connecting on one of the virtual domains and the public service hostname, but when connecting on a second virtual domain, the server's self signed cert is presented.
Zimbra-proxy is installed and both web server mode and proxy server mode were configured to redirect.
Further clarification through the use of named examples:
server hostname: server.domain.com (self signed cert, fine for mta, ldap etc.)
server ip: 126.96.36.199
public service hostname: public.customerdomain.com (commercial cert is presented - ok)
virtual host: webmail.customerdomain.com (commercial cert is presented - ok)
virtual host: mobile.customerdomain.com (self signed server.domain.com cert presented - not ok)
public.customerdomain.com ip 188.8.131.52
webmail.customerdomain.com ip 184.108.40.206
mobile.customerdomain.com ip 220.127.116.11
Both virtual domains were configured as per the admin guide instructions:
zmprov md customerdomain.com +zimbraVirtualHostName "webmail.customerdomain.com" +zimbraVirtualIPAddress "18.104.22.168"
zmprov md customerdomain.com +zimbraVirtualHostName "mobile.customerdomain.com" +zimbraVirtualIPAddress "22.214.171.124"
I didn't do this for public.customerdomain.com but that doesn't seem to matter as it works anyway.
The certificate's subject CN is webmail.customerdomain.com
The certificate's subject alt names are: webmail.customerdomain.com www.webmail.customerdomain.com mobile.customerdomain.com public.customerdomain.com in that order.
Anyone have any ideas what's going on here?
If it only worked for the webmail virtual hostname, I'd suspect that each virtual hostname should be on its own IP, but because it works for both the webmail and public names on the same IP it's confusing.
I'm not sure if it's partly working by pure chance, or if I've configured something incorrectly. Searching the NE admin guide, these forums and the wiki, I'm not finding a solution.
I need to get this ssl configuration aspect clearly understood and working before I can commit to purchasing the product. Which raises another point. Is there more detailed documentation available for this product once you buy into it, or is the NE admin guide the extent of the documentation available?
Thanks for your time.