Results 1 to 3 of 3

Thread: [SOLVED] External IMAP account with self signed cert?

  1. #1
    Join Date
    Aug 2008
    Posts
    13
    Rep Power
    7

    Default [SOLVED] External IMAP account with self signed cert?

    Hi All,

    Can anyone tell me how to force zimbra to accept an Self-signed certificate for adding an external IMAP account that uses SSL?


    I think that might be the reason it's refusing to connect to the external mailserver.

  2. #2
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Set zmlocalconfig -e 'data_source_trust_self_signed_certs=true' (will allow/remove error message)

    ZD has ssl_allow_accept_untrusted_certs true by default which warns & prompts for accept. I fought for a similar attribute in ZCS data_source_trust_certs_override_allowed (either true from the start or even just possible since most would like a tiny warning rather than wide open or blocked case for self-signed & expired < which is also just either blocked or not even for commercial) but wasn't implemented, if you'd like to add your thoughts here: Bug 35441 - external data sources with self-signed/expired certs no longer work

    The per cert method:
    Get the cert.
    $ openssl s_client -host secure.server.com -port 993
    Paste the cert into a file and load it into cacerts. Be sure to set perms and ownership on cacerts keystore file. (as zimbra)
    $ keytool -import -file /tmp/secure.server.com.crt -alias secure.server.com -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    $ zmmailboxdctl restart

  3. #3
    Join Date
    Aug 2008
    Posts
    13
    Rep Power
    7

    Default

    Ah thanks for that,

    Have added my thoughts to that bug, the error message zimbra returns is unacceptable in my opinion as it makes about as much sense as a chocloate fireguard and just leads to confusion

    It's even more of a problem as it's a user facing dialogue displaying the error.

    The message doesn't even fit in the box it was trying to display it in.

Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  2. Exchange as an External account
    By asrag in forum General Questions
    Replies: 2
    Last Post: 04-10-2008, 09:43 AM
  3. IMAP problem after added external account
    By Thanakorn in forum Administrators
    Replies: 5
    Last Post: 02-21-2008, 10:50 AM
  4. Replies: 9
    Last Post: 01-31-2008, 10:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •