I attempted this method to start a migration from one zimbra host to another:

Preferred Method of Moving Users To New Machine (zmmailboxmove - Network Edition Only) - Zimbra :: Wiki

It seems like most things are working however when I try to view server status and other multi-server specific item in the admin I get errors in the UI.

It seems to boil down to the SSL Cert and or the SSH keys. I tried to run

zmsshkeygen on the new host and get this error:

ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)
[zimbra@mail log]$ zmupdateauthkeys
Same goes for zmupdateauthkeys.

If I run zmupdateauthkeys on the old host I don't get that error, but it does fail to find the ssh key it's trying to retrieve from the new server.

My two hosts are zimbra.company.com and mail.company.com, mail is the new one. zimbra.company.com has a signed cert from a third party. mail.company.com was setup by the installer with a cert signed by the ca installed on zimbra.company.com.

I've seen similar errors discussed on the forum, but no solutions for me. All of the ones I found were single server or multi-server with self signed certs. And I don't think the directions are applicable to this environment. This document covers other scenarios but not multi server, commercial certs.

Administration Console and CLI Certificate Tools - Zimbra :: Wiki

I'm thinking I might need to put the zimbra CA cert on mail so mail trusts it's own cert? (I'm not ready to get a 3rd party cert for this guy just yet) But I wanted to bounce it here before I start breaking things.