ZCS and Self issued certificate

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
masterx81
Posts: 13
Joined: Sat Sep 13, 2014 3:25 am

ZCS and Self issued certificate

Postby masterx81 » Thu May 17, 2018 4:30 pm

Hi!
I'm using an old ZCS 6. I'm migrating it to a newer version but it take time...
I'm trying to implement SSL/TLS on imap and smtp connections on the current system, so i've issued a new certificate (with wildcard *.domain.com) via the admin web console.
I've installed the certificate in the Trusted Root Certification Authorities Certificate Store at the clients, but i still get an error when outlook connects to the server. Looking at the certificate is missing the issuer so that the certificate can't be verified.
How i can fix this? I need to creade a self signed certificate with correct issuer and deploy it to the clients?
Really thanks!


User avatar
zimico
Advanced member
Advanced member
Posts: 71
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.7.5
Contact:

Re: ZCS and Self issued certificate

Postby zimico » Fri May 18, 2018 12:03 pm

Hi. Outlook does not accept self signed cert. You have to use a commercial one.
Regards.
masterx81
Posts: 13
Joined: Sat Sep 13, 2014 3:25 am

Re: ZCS and Self issued certificate

Postby masterx81 » Fri May 18, 2018 12:28 pm

The error that i get is "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider". In windows normally you can fix this installing the root certificate of the server in the local Trusted Root Certification Authorities Certificate Store, so that the certificate can be trusted. If i open the certificate i get a warning about missing the issuer.
there isn't a way to fix this using simply self signed? The root certificate is easly deployed by GPO....
Really thanks for the help...
User avatar
zimico
Advanced member
Advanced member
Posts: 71
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.7.5
Contact:

Re: ZCS and Self issued certificate

Postby zimico » Fri May 18, 2018 1:27 pm

You can search this forum about this issue. You can install root cert on windows for old outlook version. However, from outlook 2010, as i remember, you have to use "commercial" one (and letsencrypt, etc).
Regards.
masterx81
Posts: 13
Joined: Sat Sep 13, 2014 3:25 am

Re: ZCS and Self issued certificate

Postby masterx81 » Mon May 21, 2018 8:50 am

Hi!
I've exported the root certificate with:
openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der
Installed in the trusetd root store, and the warning message is gone away.
User avatar
zimico
Advanced member
Advanced member
Posts: 71
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.7.5
Contact:

Re: ZCS and Self issued certificate

Postby zimico » Wed May 23, 2018 3:50 am

Thank you. I test in my system and it's OK. It's nice to know that now I can import the cert and both outlook and browser are "green" :)
Regards,

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 24 guests