Page 1 of 1

Certificate Question

Posted: Mon Mar 20, 2017 4:56 pm
by myk.robinson
Let me start by saying, I have never touched a zimbra server before today.

We have a new client who has a self hosted Zimbra mail server, and the certificate expired today. I did some Google-Fu and was able to generate another self signed certificate. and the dates are matching in the Zimbra admin panel:

Image

http://imgur.com/a/byTHm

However, when I visit the URL, it still shows a security error as if the certificate is not quite working. I did restart the Zimbra server, as recommended in the article I was reading.

Talk to me like I am five, What is the proper method to get this issue resolved?

Image

http://imgur.com/a/koheO

Thanks

Re: Certificate Question

Posted: Mon Mar 20, 2017 7:29 pm
by howanitz
The best thing to do would be to purchase and install a certificate from a certificate authority. That way there will be a chain of trust, and you will not get that error on any common web browsers. You are looking at about $18 per year.

As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:

https://support.solarwinds.com/Success_Center/Virtualization_Manager_(VMAN)/Accept_a_self-signed_certificate

Re: Certificate Question

Posted: Mon Mar 20, 2017 7:37 pm
by myk.robinson
howanitz wrote:The best thing to do would be to purchase and install a certificate from a certificate authority. That way there will be a chain of trust, and you will not get that error on any common web browsers. You are looking at about $18 per year.

As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:

https://support.solarwinds.com/Success_Center/Virtualization_Manager_(VMAN)/Accept_a_self-signed_certificate


Thanks for the response.

Their domain name is maintained by their ISP which is Charter Communications. Will they need to be involved at all, or do I just purchase a certificate and install it into the Zimbra server?

Thanks

Re: Certificate Question

Posted: Mon Mar 20, 2017 8:16 pm
by howanitz
There are a number of ways to prove ownership of the domain. If you can receive email for postmaster@ or hostmaster@ you should be fine.

https://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools

I like the Thawte ssl123, but there are many options at different price points. I have only ever been successful installing from cli. Search the forums, and you should find examples of tips for installing commercial ssl certificates from the different CAs.

https://www.rapidsslonline.com/ssl-brands/thawte/ssl123.aspx

Re: Certificate Question

Posted: Mon Mar 20, 2017 9:52 pm
by myk.robinson
@howanitz, thanks for the assist. I bought an SSL certificate through Go Daddy. Generated the CSR and installed the certs through the Zimbra administration control panel without issue. Everything is working as it should now :)

Thanks again.

Re: Certificate Question

Posted: Fri Mar 24, 2017 5:27 am
by mikehomee
Hi! I'm also new to ZImbra. And a clients has an existing setup with SSL issue due to SHA1 security. How can I change/update it? Will replacing the commercial.crt file do?

Thanks!

Re: Certificate Question

Posted: Fri Mar 24, 2017 11:32 am
by howanitz
Yes, same procedure, purchase and install a new commercial certificate.