Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: [SOLVED] The issuer of this certificate could not be found.

  1. #11
    Join Date
    Nov 2010
    Posts
    9
    Rep Power
    4

    Default

    hi

    to unterstand when a certificate is valid:
    you have a number of predefined certificate authorities (verisign for example) already included in firefox.
    to get a valid certificate for your server, one of them has to sign it. when a client connects to your server, he gets the certificate and can verify the signature and thereby its issuer. if that issuer is trusted, the server can be trusted, and the client can initiate a secure channel using the public key included in the certificate.

    now if you do not want to pay for a commercial certificate, you can create your own certificate authority. then you create a certificate signed by yourself. therefore zimbra fills the "issued by" field with your server name and "Zimbra Collaboration Suite".
    that is what zimbra does by default.

    if you want this self-signed certificate to be trusted by a client, it has to import your certificate authority (ca.crt) as trusted authority.

    do you have a faculty certificate signed by a third-party (like your university or verisign etc.)?
    then you have to replace the self-signed with this certificate.

    when i open your server page (webmail.etf.unsa.ba), i see the self-signed certificate. furthermore it is issued to "igman.etf.unsa.ba", which will result in a warning ("wrong site"). the certificate is only valid for this name!
    afaik, you cannot use multiple dns names with one certificate.

    hope i could help

  2. #12
    Join Date
    Jan 2011
    Posts
    15
    Rep Power
    4

    Default

    It seems there is some problem with certificate in mekeystore (j2me key store).
    I need this certificate for j2me application.

    I tried to access gmail.com over https from java midlet.
    I exported Firefox certificate from gmail.com, and import it
    into mekeystore (key store for j2me certificates), but I stll
    got an error "Certificate site name isn't correct" (it is google.com).

    I also tried to create certificates with same attributes (CN, O, OU...) like
    this using Tomcat (I have istalled tomcat) keytool, but again with
    no luck...

    P.S.: I didn't understand your last post well...

  3. #13
    Join Date
    Nov 2010
    Posts
    9
    Rep Power
    4

    Default

    how else should i explain it?
    you should not import certificates from sites directly!

    you should only import the certificate authorities.
    once you have imported a ca, every certificate issued by this ca will be trusted by your application.

    and of course you have to use the same dns name included in the certificate. the idea of a certificate is to verfiy that you are connecting to exactly this server!
    just as your identity card is only valid for the name printed on it. if you want to use a different name, you need a different identity card. otherwise it would make no sense.

    so, if you want to run zimbra with the self-signed certificate, import the corresponding certificate authority from zimbra into mekeystore. and use the correct dns name to connect to the server.

    here is wikipedia article about pki, if you want to read in detail what i tried to explain: Public key infrastructure - Wikipedia, the free encyclopedia

  4. #14
    Join Date
    Jan 2011
    Posts
    15
    Rep Power
    4

    Default

    Hi,
    I'm sorry I didn't write anything for while, I forgot on this topic
    Anyway, I read already about public key infrastructure etc.
    I found solution for my problem without using certificates.

    So dude, thank you very much

  5. #15
    Join Date
    Jun 2009
    Posts
    10
    Rep Power
    6

    Cool I thing is NOT SOLVED

    Quote Originally Posted by aldm View Post
    Hi,
    I'm sorry I didn't write anything for while, I forgot on this topic
    Anyway, I read already about public key infrastructure etc.
    I found solution for my problem without using certificates.

    So dude, thank you very much
    Sorry but can you tell us what was the solution?
    Thanks

Similar Threads

  1. [SOLVED] Problem with commercial certificate
    By ppaixao in forum Administrators
    Replies: 3
    Last Post: 06-05-2012, 01:49 PM
  2. Replies: 20
    Last Post: 03-18-2008, 05:37 AM
  3. Replies: 2
    Last Post: 10-04-2007, 03:20 PM
  4. Replies: 16
    Last Post: 11-29-2006, 09:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •