
Thread: Help needed to regenerate SSL cert

  1. #1

    Help needed to regenerate SSL cert

    I have installed 6.0.4 FOSS on CentOS 5.3.

    When installing I named the server zimbra.domain.ctry, and it generated an ssl cert based on that name.

    However, our public email hostname is mail.domain.ctry - so the name of the cert does not match, and briefcase documents are not accessible externally.

    I have since set the ZimbraPublicServiceHostname and ZimbraPublicServiceProtocol to the appropriate values so that briefcase works correctly. However, I would also like to get the SSL cert straightened out.

    I have tried to generate a new SSL cert both through the Admin GUI, and with the CLI tool, but no matter what I do I keep getting a cert with the Subject zimbra.domain.ctry

    It ignores the O, and OU settings I input, and ignores the AlternativeSubjects I specify too.

    The articles I have been able to find on the wiki all refer to 4.5 and 5.0 - so has something changed in 6.0?

    Can anyone walk me through the steps I need to take as I am obviously missing something.

    Thanks

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Why don't you just change the server name with ZmSetServerName to the new name you require?
    Regards


    Bill



  3. #3

    Additionally if your internal server name is different to how it is seen externally your emails may get tagged as SPAM.

  4. #4

    To date I have never had an issue with the server name being different from the external name - with Zimbra or either of our previous email servers.

    However, if the best way forward is to rename the server, I am willing to do so.

    I am confused though as to how this will solve my current problem - which is that I cannot get a new ssl cert generated with any name other than zimbra.company.ctry

    Is the ssl cert generation looking at the hostname somewhere under the covers, and ignoring what I type?

    If it is not, I am going to be in an even more screwed up state - where everything internally and externally points to mail.domain.ctry - but the ssl cert is different from that.

  5. #5

    I finally got this to work. But, I still have some questions/observations.

    I followed the wiki article "Administration Console and CLI Certificate Tools".

    I followed the example "Single-Node Self-Signed Certificate"

    It seems to me that there is a step missing between generating a new CA and generating a certificate signed by it. Unless I ran the command

    Code:
    zmcertmgr deployca
    I could not get any of my custom changes in the CA to take. Is this correct?

    Secondly it appears to me that the command

    Code:
    createcsr (self|comm) [-new] [-subject subject] [-subjectAltNames "host1,host2"] 
    
    Note: Angle brackets changed to parentheses for display purposes
    The angle brackets caused the parameter to disappear from the post?
    is asking for one required parameter, self or comm, and up to 3 optional parameters. Am I misunderstanding what the (self|comm) means?

    I found that if I included the "self" parameter my command failed, and did nothing. Removing it allowed me to generate a certificate signing request.

    I would appreciate your feedback.
    Last edited by liverpoolfcfan; 02-04-2010 at 03:29 PM. Reason: Change angle brackets to parentheses for display purposes
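
Added example (not part of any post in this thread, and not Zimbra's own tooling): a way to confirm with plain `openssl` which hostnames a certificate actually covers before and after regenerating it. It assumes `openssl` is installed; the hostnames are the ones used in the thread, the certificates are throwaway test certs built by the script, and the function and file names are hypothetical.

```sh
#!/bin/sh
# Added example. Hostnames are the ones from the thread; the certificates are
# throwaway test certs built here, and all file/function names are hypothetical.

# make_cert PREFIX CN [EXTRA_SAN...]: self-signed cert with CN and SANs.
make_cert() {
    out=$1; cn=$2; shift 2
    {
        printf '[req]\ndistinguished_name = dn\nx509_extensions = ext\nprompt = no\n'
        printf '[dn]\nCN = %s\n[ext]\nsubjectAltName = @alt\n[alt]\n' "$cn"
        i=0
        for name in "$cn" "$@"; do
            i=$((i + 1))
            printf 'DNS.%d = %s\n' "$i" "$name"
        done
    } > "$out.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$out.cnf" \
        -keyout "$out.key" -out "$out.crt" 2>/dev/null
}

# cert_covers_host CERT HOST: exit 0 only if HOST matches the cert's names.
# openssl prints "does match" or "does NOT match", so test the text itself.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# show_names CERT: print the subject and SAN list for a manual look.
show_names() {
    openssl x509 -in "$1" -noout -subject
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name'
}

# Demo: a cert named only for the internal host, then one that also
# carries the public name as a subjectAltName.
tmp=$(mktemp -d)
make_cert "$tmp/old" zimbra.domain.ctry
make_cert "$tmp/new" mail.domain.ctry zimbra.domain.ctry
for crt in old new; do
    for host in zimbra.domain.ctry mail.domain.ctry; do
        if cert_covers_host "$tmp/$crt.crt" "$host"; then r=match; else r=MISMATCH; fi
        echo "$crt.crt  $host  $r"
    done
done
rm -rf "$tmp"
```

Pointing `cert_covers_host` and `show_names` at the PEM file of a newly generated certificate shows whether the requested subject and alternative names were applied before the certificate is deployed.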
