I am trying to install an SSL Certificate (existing cert expires tomorrow).
I am running into a problem and I remember having this same issue last time, but I have no idea how I got around it.
My local server name is zimbra.mydomain.local.
We access this through https://mydomain.com.
When I create the CSR, it tries to add zimbra.mydomain.LOCAL as a subject alt name.
I can remove it from the list before proceeding, but it appears that it still puts it in the CSR.
I generate the certificates using the CSR and go to install them, and it lists zimbra.mydomain.LOCAL as one of the subject alt names.
The certificate will not install because it says the .local domain is an invalid alt name.
What am I doing wrong? Why does Zimbra insist on using the local server name as a subject alt name when local server names are not allowed?
I have tried generating the CSR again... ensuring the .local name is not listed in the subject alt names, but when I paste the CSR into here: https://cryptoreport.websecurity.symant ... rCheck.jsp
it shows the .local server name in the alt names still.
It looks like I need to revoke the cert I created, but the issuer wants to charge me to revoke it.
Is there some way to make this work? What am I missing?
Help with SSL Certificate install
Re: Help with SSL Certificate install
See if https://bugzilla.zimbra.com/show_bug.cgi?id=90016#c1 helps you work around that issue with zmcertmgr.
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: Help with SSL Certificate install
Hello,
I recommend that you change your DNS configuration, as .local is not a valid TLD, and you can't order an SSL with a .local anymore; more info here, search for the .local information. So, my recommendation is to rename your Zimbra server internally, with all the internal DNS, etc., to a valid TLD domain, like zimbrasrv1.example.com, and then you have multiple options:
- If the internal hostname and the FQDN match, then buy a simple SSL, like Comodo, RapidSSL, etc. This will be, for example, internally mail.example.com and externally mail.example.com
- If the hostname and the FQDN don't match, then you need to buy a Multi-SAN SSL Certificate. For example, your internal server is srv1.example.com and your FQDN will be mail.example.com or example.com
- Finally, my suggestion, in case you don't want to have much trouble and also so you can use the SSL in the future, is to buy a Wildcard SSL *.example.com, so you can name your server internally as you want.example.com and then externally have the domain you want as well; plus, if you have other servers and services like a webpage, etc., you can use it as well
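
The problem in the opening post (a `.local` name still present in the CSR after being removed in the UI) can be caught locally before the request is sent to the CA. The following is an added example, not part of any post in this thread: the function names, file paths and the suffix list beyond `.local` are assumptions, and the sample CSR is constructed with a throwaway key.

```shell
# List the DNS subjectAltName entries of a CSR, one per line.
csr_dns_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS://p'
}

# Print SANs that look internal: single-label names and names under
# non-public suffixes. ".local" comes from the thread; the other
# suffixes are an assumed starting list, adjust for your environment.
# Returns 1 if any such name is present, 0 if the CSR is clean.
csr_internal_sans() {
    bad=$(csr_dns_sans "$1" |
        grep -iE '(^[^.]+$|\.(local|localhost|internal|lan)$)' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample: throwaway key plus a CSR carrying the two names
# from the opening post. Writes <prefix>.key and <prefix>.csr.
# Requires OpenSSL 1.1.1 or later for -addext.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=mydomain.com" \
        -addext "subjectAltName=DNS:mydomain.com,DNS:zimbra.mydomain.local" \
        2>/dev/null
}

# Usage (hypothetical path):
#   csr_internal_sans /path/to/request.csr && echo "no internal names, OK to submit"
```

Running `csr_internal_sans` on the CSR before submitting it shows whether an internal name survived CSR generation, without pasting the request into a third-party checker.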