Certificate Question

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
myk.robinson
Posts: 3
Joined: Mon Mar 20, 2017 4:32 pm

Certificate Question

Postby myk.robinson » Mon Mar 20, 2017 4:56 pm

Let me start by saying, I have never touched a zimbra server before today.

We have a new client who has a self hosted Zimbra mail server, and the certificate expired today. I did some Google-Fu and was able to generate another self signed certificate. and the dates are matching in the Zimbra admin panel:

Image

http://imgur.com/a/byTHm

However, when I visit the URL, it still shows a security error as if the certificate is not quite working. I did restart the Zimbra server, as recommended in the article I was reading.

Talk to me like I am five, What is the proper method to get this issue resolved?

Image

http://imgur.com/a/koheO

Thanks


User avatar
howanitz
Advanced member
Advanced member
Posts: 56
Joined: Mon Feb 01, 2016 9:27 am

Re: Certificate Question

Postby howanitz » Mon Mar 20, 2017 7:29 pm

The best thing to do would be to purchase and install a certificate from a certificate authority. That way there will be a chain of trust, and you will not get that error on any common web browsers. You are looking at about $18 per year.

As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:

https://support.solarwinds.com/Success_Center/Virtualization_Manager_(VMAN)/Accept_a_self-signed_certificate
myk.robinson
Posts: 3
Joined: Mon Mar 20, 2017 4:32 pm

Re: Certificate Question

Postby myk.robinson » Mon Mar 20, 2017 7:37 pm

howanitz wrote:The best thing to do would be to purchase and install a certificate from a certificate authority. That way there will be a chain of trust, and you will not get that error on any common web browsers. You are looking at about $18 per year.

As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:

https://support.solarwinds.com/Success_Center/Virtualization_Manager_(VMAN)/Accept_a_self-signed_certificate


Thanks for the response.

Their domain name is maintained by their ISP which is Charter Communications. Will they need to be involved at all, or do I just purchase a certificate and install it into the Zimbra server?

Thanks
User avatar
howanitz
Advanced member
Advanced member
Posts: 56
Joined: Mon Feb 01, 2016 9:27 am

Re: Certificate Question

Postby howanitz » Mon Mar 20, 2017 8:16 pm

There are a number of ways to prove ownership of the domain. If you can receive email for postmaster@ or hostmaster@ you should be fine.

https://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools

I like the Thawte ssl123, but there are many options at different price points. I have only ever been successful installing from cli. Search the forums, and you should find examples of tips for installing commercial ssl certificates from the different CAs.

https://www.rapidsslonline.com/ssl-brands/thawte/ssl123.aspx
myk.robinson
Posts: 3
Joined: Mon Mar 20, 2017 4:32 pm

Re: Certificate Question

Postby myk.robinson » Mon Mar 20, 2017 9:52 pm

@howanitz, thanks for the assist. I bought an SSL certificate through Go Daddy. Generated the CSR and installed the certs through the Zimbra administration control panel without issue. Everything is working as it should now :)

Thanks again.
mikehomee
Posts: 2
Joined: Thu Feb 09, 2017 6:01 am

Re: Certificate Question

Postby mikehomee » Fri Mar 24, 2017 5:27 am

Hi! I'm also new to ZImbra. And a clients has an existing setup with SSL issue due to SHA1 security. How can I change/update it? Will replacing the commercial.crt file do?

Thanks!
User avatar
howanitz
Advanced member
Advanced member
Posts: 56
Joined: Mon Feb 01, 2016 9:27 am

Re: Certificate Question

Postby howanitz » Fri Mar 24, 2017 11:32 am

Yes, same procedure, purchase and install a new commercial certificate.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 78 guests