Results 1 to 1 of 1

Thread: Zimbra SSL certificate problem

  1. #1
    Join Date
    Feb 2008
    Location
    United States
    Posts
    10
    Rep Power
    7

    Default Zimbra SSL certificate problem

    1st, I hope I have posted this in the right spot...

    Ok.. Heres the deal... I am successfully creating a SSL Certificate using Zimbra. But, when attempting to access the site, or email, I get the popup about my certificate not matching the server.. blah, blah, blah...

    Anyways, I have attempted a numerous amount of times to correct this.

    THIS IS AN EXAMPLE DNS...

    The hostname of the server is: intelsolutions.net
    The mail server is: mail.intelsolutions.net

    Server is a CentOS5 platform w/ Zimbra 5 Suite

    Certificate is showing just "intelsolutions.net" when it needs to say "mail.intelsolutions.net". So I have edited the zmssl.cnf file to attempt to accomplish this. I have c/p the output of my POLICY and REQ:
    (For those attempting to use this as a fix, this is only a partial copy of my zmssl.cnf)

    GNU nano 1.3.12
    File: /opt/zimbra/conf/zmssl.cnf


    # A few difference way of specifying how similar the request should look
    # For type CA, the listed attributes must be the same, and the optional
    # and supplied fields are just that :-)
    policy = policy_match

    # For the CA policy
    [ policy_match ]
    countryName = supplied
    stateOrProvinceName = supplied
    organizationName = supplied
    organizationalUnitName = supplied
    commonName = supplied
    emailAddress = optional

    # For the 'anything' policy
    # At this point in time, you must list all acceptable 'object'
    # types.
    [ policy_anything ]
    countryName = supplied
    stateOrProvinceName = supplied
    localityName = optional
    organizationName = supplied
    organizationalUnitName = supplied
    commonName = supplied
    emailAddress = optional

    ################################################## ##################
    [ req ]
    default_bits = 1024
    default_keyfile = privkey.pem
    distinguished_name = req_distinguished_name
    attributes = req_attributes
    x509_extensions = v3_ca # The extentions to add to the self signed cert

    # Passwords for private keys if not present they will be prompted for
    # input_password = secret
    # output_password = secret

    # This sets a mask for permitted string types. There are several options.
    # default: PrintableString, T61String, BMPString.
    # pkix : PrintableString, BMPString.
    # utf8only: only UTF8Strings.
    # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
    # MASK:XXXX a literal mask value.
    # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
    # so use this option with caution!
    string_mask = nombstr

    req_extensions = v3_req # The extensions to add to a certificate request

    [ req_distinguished_name ]
    countryName = Country Name (2 letter code)
    countryName_default = US
    countryName_min = 2
    countryName_max = 2

    stateOrProvinceName = Oklahoma (full name)
    stateOrProvinceName_default = N/A

    localityName = Washington (eg, city)
    localityName_default = N/A

    0.organizationName = Intel Solutions (eg, company)
    0.organizationName_default = N/A

    # we can do this but it is not needed normally :-)
    #1.organizationName = Intel Solutions (eg, company)
    #1.organizationName_default = Intel Solutions

    organizationalUnitName = Intel Solutions (eg, section)
    organizationalUnitName_default = Intel Solutions

    0.commonName_default = mail.intelsolutions.net
    0.commonName_max = 64
    1.commonName_default = mail.chillingout.com
    1.commonName_max = 64
    2.commonName_default = mail.thecloset.net
    2.commonName_max = 64

    emailAddress = services@intelsolutions.net
    emailAddress_max = 64

    # SET-ex3 = SET extension number 3

    [ req_attributes ]
    challengePassword = A challenge password
    challengePassword_min = 4
    challengePassword_max = 20

    unstructuredName = An optional company name

    -------------------------------------

    Now, why in the world would it not take my REQ statements to create the certificate ?? zmssl.cnf and zmssl.cnf.in are both showing this, but the certificate still persists to create with the hostname of the actual server and not with what I need in the certificate.

    Any ideas on what this noob is doing wrong ??

    Thanks in advance !
    Last edited by Craz; 12-23-2008 at 12:58 PM.

Similar Threads

  1. zimbra install with perpetually broken logger/stats
    By jptech in forum Installation
    Replies: 8
    Last Post: 09-29-2008, 03:33 PM
  2. Zimbra spam system
    By rajahd in forum Administrators
    Replies: 9
    Last Post: 04-16-2008, 08:25 PM
  3. Replies: 9
    Last Post: 03-01-2008, 08:21 PM
  4. Replies: 8
    Last Post: 02-27-2007, 04:10 AM
  5. Post instsallation problems
    By Assaf in forum Installation
    Replies: 14
    Last Post: 01-29-2007, 11:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •