So I'm trying to get Zimbra Mobile working.

And I'm about to be hoist on my own petard; I can see it coming.

My server is named That's the server's actual name, so that's what I created the self-signed cert pointed to.

But of course, that's not what anyone actually *calls* it. Most people call it, and that name resolves to two different addresses; the address of my firewall in my public DNS zone, and the actual address of the server in my internal zone.

So, even if I recreated the certificate so that it's name was zmail, the error I'm getting when I try to set up the Exchange account on the iPhone isn't going to go away... because all the doco says that you have to have the EAS server name be the same IP address from both sides of your firewall, or everything will blow to hell... and zmail *has* to resolve to 2 different addresses, because apparently my firewall setup won't permit packets to the public address from the private LAN to get NATted back inside.

Any ideas other than replacing the firewall (which may be practical...)