Hi there

I've just installed Zimbra 8 OpenSource on Ubuntu 12 64Bit (VirtualBox machine...let's call this machine ZIMBRA) for testing reasons. After installation I've installed the self-signed certificates by the certification web console manager successfully.

I've got an extern Server with cyrus imap running well on port 143 and 993 (imaps). Let's call this Server EXTERN.

On ZIMBRA I installed Evolution and Thunderbird for testing reasons. The IMAP-mail account of let's say USER on EXTERN could be configured well and works by using the non-secure imap protocol on port 143 and the secure (ssl) imaps protocol on port 993 for Evolution and Thunderbird as well. With both clients everything is nice using ZIMBRA as client host accessing the IMAP account on EXTERN.


I log in to the account I created on ZIMBRA via the Zimbra web-interface and in Settings/accounts I want to add this USER account but it doesn't work.


I click on imap, enter the right user name, password and the official (from Internet accessible, same as in Evolution and Thunderbird) FQN of EXTERN and it doesn't work. It just messages FAILED. Same effect when turning on SSL and connecting through port 993.


On EXTERN, the cyrus server on the internet messages:

When trying to connect via imap 143

Oct 14 21:19:19 ERSETZT master[22939]: about to exec /usr/lib/cyrus/bin/imapd
Oct 14 21:19:19 ERSETZT imap[22939]: executed
Oct 14 21:19:19 ERSETZT imap[22939]: accepted connection
Oct 14 21:19:19 ERSETZT imap[22939]: TLS server engine: cannot load CA data
Oct 14 21:19:19 ERSETZT imap[22939]: imapd:Loading hard-coded DH parameters
Oct 14 21:19:19 ERSETZT imap[22939]: TLS server engine: No CA file specified. Client side certs may not work
Oct 14 21:19:19 ERSETZT imap[22939]: SSL_accept() incomplete -> wait
Oct 14 21:19:19 ERSETZT imap[22939]: sslv3 alert certificate unknown in SSL_acce pt() -> fail
Oct 14 21:19:19 ERSETZT imap[22939]: STARTTLS negotiation failed: %IP of Zimbra Server%


When trying to connect via imaps 993

Oct 14 21:46:37 ERSETZT imaps[23172]: accepted connection
Oct 14 21:46:37 ERSETZT imaps[23172]: TLS server engine: cannot load CA data
Oct 14 21:46:37 ERSETZT imaps[23172]: imapd:Loading hard-coded DH parameters
Oct 14 21:46:37 ERSETZT imaps[23172]: SSL_accept() incomplete -> wait
Oct 14 21:46:37 ERSETZT imaps[23172]: sslv3 alert certificate unknown in SSL_accept() -> fail
Oct 14 21:46:37 ERSETZT imaps[23172]: imaps TLS negotiation failed: %IP%
Oct 14 21:46:37 ERSETZT imaps[23172]: Fatal error: tls_start_servertls() failed
Oct 14 21:46:37 ERSETZT master[5217]: process 23172 exited, status 75
Oct 14 21:46:37 ERSETZT master[5217]: service imaps pid 23172 in BUSY state: terminated abnormally



I've tried several ways of generating new server certificates for ZIMBRA but I always had the same behaviour.

What way might be helpful here? What can be done here? Obviously it's a certificate issue related to the zimbra instance only (even Evolution and Thundbird on the SAME machine can handle the certificates properly).


Regards