Results 1 to 5 of 5

Thread: Managing certificates

  1. #1
    Join Date
    Dec 2007
    Posts
    5
    Rep Power
    7

    Default Managing certificates

    Hi all,
    I'm working on a Zimbra Open Source Installation 5.0 RC2 on Ubuntu Dapper Drake.
    I've done a fresh OS and zimbra install.
    My problem is that I'm not able to change the default certificate to meet my needs; I have to change for example country from US to IT, but more important I have to use aliases to identify my server.
    When I create a self signed certificate I can't save it from web admin interface (I get a jetty error); I read a thread on the forum about running zmfixperms: I've done it a nothing changes (can't save).
    So I followed the wiki instructions to recreate the certificates and (at the step named "Remove the self-signed root certificate from the cacerts keystore (as zimbra)") I faced the problem of a tampered certificate and nothing based on ssl could work. I reinstalled evrithing and now (I wish for at least one year) it works; I'm asking what will happen when my certificate wil expire?

    Can someone help with this?

    Thanks in advance.

    Andrea.

  2. #2
    Join Date
    Dec 2007
    Posts
    5
    Rep Power
    7

    Default By the way...

    I can't find on my installation the utility zmcreatecert.
    I've tried a
    > find -name zmcreatecert
    from /
    No results found. Is it ok?

    Andrea.

  3. #3
    Join Date
    Dec 2007
    Posts
    5
    Rep Power
    7

    Default Some things to try...

    I've found some answers here:
    13936-self-signed-cert-manager-fails-5-0ga-foss

    I still don't undertand why when certificate install fails all web administration task (based on SSL) cannot be performed anymore. This is not a bug? The operation cannot be rolled back?

    Andrea.

  4. #4
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Quote Originally Posted by andrea.colleoni View Post
    I've found some answers here:
    13936-self-signed-cert-manager-fails-5-0ga-foss

    I still don't undertand why when certificate install fails all web administration task (based on SSL) cannot be performed anymore. This is not a bug? The operation cannot be rolled back?

    Andrea.
    It's a bug. It will be fixed in 5.0.1 which will be released soon

  5. #5
    Join Date
    Dec 2007
    Posts
    36
    Rep Power
    7

    Default

    Let me hijack this threat

    Just installed zimbra 5.0 on 3 servers:

    1. ldap
    2. Store/apache/logging
    3. mta

    Now I try to manage my certificates using the admin-console, but no certificates appear at all. If I want to display the certificates of the ldap/mta server, an error occurs:
    Code:
    Message: error while proxying request to target server (url=https://zldap.domain.nl:7071/service/admin/soap/GetCertRequest): Connection refused Error code: service.PROXY_ERROR Method: ZmCsfeCommand.prototype.invoke Details:soap:Receiver
    Make sense, cause there is nothing running op port 7071 on ldap/mta.

    But when I click on the certificates foe the store-server, it takes a while. Firefox even turns grey (not responding for a while) and finally the webpage appears.. but no certificate data is being displayed!

    Besides this:
    I have read a lot about certificates and zimbra. I guess it is still pretty new in the app. I don't think it is currently possible to change the root (or sub) CA certificate using the admin console. This makes the certificate-import function not so useful. Importing a certificate is nice, but you also have to be able to build the complete certificatechain!. Will this be possible on the next release?

Similar Threads

  1. [SOLVED] Installing existing SSL certificates (solved)
    By inigoml in forum Administrators
    Replies: 22
    Last Post: 02-24-2009, 09:32 AM
  2. Replies: 1
    Last Post: 11-05-2007, 05:55 PM
  3. Commercial Certificates for slapd
    By trunet in forum Administrators
    Replies: 2
    Last Post: 10-09-2007, 05:24 AM
  4. Re-create certificates
    By demanl in forum Administrators
    Replies: 4
    Last Post: 05-23-2006, 06:59 AM
  5. Upgrading and certificates
    By kennyfordham in forum Installation
    Replies: 1
    Last Post: 11-19-2005, 10:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •