Page 1 of 2 12 LastLast
Results 1 to 10 of 35

Thread: Invalid or untrusted server SSL certificate

Hybrid View

  1. #1
    Join Date
    Feb 2008
    Posts
    14
    Rep Power
    7

    Default Invalid or untrusted server SSL certificate

    I have an Exchange IMAP connection setup through ZDesktop. Since the last upgrade (today) I am unable to send mail on this connection. I checked the account settings and when I click Validate and Save I get an error message about an Invalid or untrusted server SSL certificate.

    I'm not using SSL on either the incoming or outgoing connection.

    Is there anything going on here that I can do quickly to resolve this?

  2. #2
    Join Date
    Jan 2007
    Posts
    1,688
    Rep Power
    11

    Default

    You obvious are using SSL. If you click on the (detail) link when you see the error message, it will show you the SSL certificate.

  3. #3
    Join Date
    Feb 2008
    Posts
    14
    Rep Power
    7

    Default

    Really?

    Use SSL encryption when accessing this server is un-checked
    Use SSL encryption when sending mail is un-checked

    I must be an idiot, because to me it is not obvious that I'm using SSL.

    And where is this "detail" link to display the SSL certificate? Are you sure you are talking about Zimbra Desktop?

  4. #4
    Join Date
    Dec 2008
    Posts
    7
    Rep Power
    6

    Default

    Your reply is not helpful. Furthermore, it's not very nice: "You obvious are using SLL." Don't be so confident unless your software works correctly (which it doesn't).

    I am having the same problem as GaryParr, and the "Use SSL encryption when accessing this server" and "Use SSL encryption when sending mail" checkboxes are both "obvious" unchecked. Please research this problem before insinuating that we are both doing something wrong. It would be very appreciated. Thank you.

  5. #5
    Join Date
    Feb 2008
    Posts
    14
    Rep Power
    7

    Default

    And to boot... you have added a feature that STOPS a product from working in a manner in which people have become accustomed to it working. End users do not care that an SSL certificate is wrong. That is a problem for the mail server admin. You would expect an option to ignore the error and continue anyway. That way at least the user could e-mail the mail server admin and let them know that there is a problem.

  6. #6
    Join Date
    Nov 2005
    Posts
    518
    Rep Power
    11

    Default

    What version of Zimbra Desktop are you guys running? Is it zdesktop_0_92_build_1415? On what OS?

  7. #7
    Join Date
    Nov 2005
    Posts
    518
    Rep Power
    11

    Default

    OK nm I just reproduced this (on zdesktop_0_92_build_1415) with tcpdump running. Desktop is issuing starttls; that's why it's encountering the certificate warning. JJ will be able to tell us if there is a preference for disabling this.
    Last edited by bobby; 12-09-2008 at 02:26 PM.

  8. #8
    Join Date
    Feb 2008
    Posts
    14
    Rep Power
    7

    Default

    Thanks for looking into this Bobby. As a reference, I'm running .92 build 1418 on Linux. Any work around such as changing a config setting would be appreciated.

  9. #9
    Join Date
    Jan 2007
    Posts
    1,688
    Rep Power
    11

    Default

    could you please send me a screenshot of the error message you see? it sounds like your imap or smtp server is doing STARTTLS, which is a variation of SSL in that the connection is first established over plain socket and then negotiated into a secure channel. Please also include zdesktop.log right after it fails.

    We are required to enforce this as it's considered a security risk. Please understand that you are using beta software so thing will get changed. We'll try to do our best to provide workarounds.

    In this case, the easiest workaround is to add a key to <install>/conf/localconfig.xml:

    <key name="data_source_trust_self_signed_certs">
    <value>true</value>
    </key>

    then restart desktop server.

  10. #10
    Join Date
    Dec 2008
    Posts
    7
    Rep Power
    6

    Default

    jjzhuang, thank you for the workaround. I haven't had a chance to try it yet. Did GaryParr send you a screenshot and the logfile? If not, I will try to send you it tomorrow. Just let me know.

Similar Threads

  1. zmmailboxdctl is not running !!!!!!
    By olibite in forum Administrators
    Replies: 14
    Last Post: 04-28-2011, 06:50 AM
  2. Initializing ldap...FAILED (28416) error
    By josesoft in forum Installation
    Replies: 11
    Last Post: 05-16-2009, 04:00 PM
  3. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 01:42 AM
  4. [SOLVED] Commercial SSL Certificate - Web Host's Server Software
    By jremshik@pgprint.com in forum Administrators
    Replies: 2
    Last Post: 09-18-2008, 01:45 PM
  5. Replies: 1
    Last Post: 01-12-2008, 09:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •