Certificate chain for 8.71 mailbox server on private LAN with MTA on DMZ

Post by mskirl »

Hi all

I would like to send encrypted and/or signed email from an 8.71 Zimbra mailbox server (on Ubuntu 14.04), protected on a private LAN without internet access.
Another server (same versions) is doing MTA, located in the DMZ, able to access the internet.
Zimbra clients will connect to the mailbox server via a VPN connection to the private LAN.
I purchased a public gold certificate from a public provider.

I understand that the Zimbra mailbox server should have a trusted certificate (I guess not self-signed, in order to do encrypted and signed emails). But is it possible to use the Zimbra MTA as an intermediate/proxy/cross chain/whatever-trusting instance, so that the certificates of the mailbox server and the public certificates can interact somehow?

All the best
Miguel

Re: Certificate chain for 8.71 mailbox server on private LAN with MTA on DMZ

Post by vavai »

Hi,
mskirl wrote:

Hi all

I would like to send encrypted and/or signed email from an 8.71 Zimbra mailbox server (on Ubuntu 14.04), protected on a private LAN without internet access.
Another server (same versions) is doing MTA, located in the DMZ, able to access the internet.
Zimbra clients will connect to the mailbox server via a VPN connection to the private LAN.
I purchased a public gold certificate from a public provider.

I understand that the Zimbra mailbox server should have a trusted certificate (I guess not self-signed, in order to do encrypted and signed emails). But is it possible to use the Zimbra MTA as an intermediate/proxy/cross chain/whatever-trusting instance, so that the certificates of the mailbox server and the public certificates can interact somehow?

All the best
Miguel

Actually, I'm a little bit confused by the terms "encrypted" and "signed", as encrypted usually refers to S/MIME or PGP and signed is related to DKIM :D But if your case is about an SSL certificate, then you can get a wildcard SSL certificate, install it on all servers (even if it is on a private LAN), and then all of them communicate with each other and to the outside with TLS connections as well.