New Secure Email Zimlet

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
oetiker
Advanced member
Advanced member
Posts: 172
Joined: Fri Mar 07, 2014 1:05 pm
Location: Switzerland
ZCS/ZD Version: Release 9.0.0.GA.3924.UBUNTU18.64 U
Contact:

New Secure Email Zimlet

Postby oetiker » Fri Mar 24, 2017 12:52 pm

Hi

Since Zimbra 8.7.5_GA_1764 there is a new Secure Email Zimlet. I tried to upload my certificat in p12 format. It's a free Comodo smime
certificat.

o I did a export from firefox with the backup option.

But I get only import errors from zimbra during the upload.

Is there a working procedure to import a certificate to the Secure Email zimlet?

thanks Manuel


Jean-Claude
Posts: 3
Joined: Fri Jun 23, 2017 1:34 pm

Re: New Secure Email Zimlet

Postby Jean-Claude » Thu Jun 29, 2017 2:05 pm

Hi Manuel

Did you succeed whith this zimlet.

My certificate is from Terena.

I'am trying to upload and i have some errors :

Code:smime.CERT_VALIDATION_FAILED
at com.zimbra.cs.service.smime.SmimeServiceException.CERT_VALIDATION_FAILED(SmimeServiceException.java:87)
at com.zimbra.cs.smime.SmimeCryptoUtil.validateCertificate(SmimeCryptoUtil.java:338)
at com.zimbra.cs.service.smime.SaveSmimeCertificate.save(SaveSmimeCertificate.java:121)
at com.zimbra.cs.service.smime.SaveSmimeCertificate.handle(SaveSmimeCertificate.java:95)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:607)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:460)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:273)
at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:303)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:213)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685)
at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:158)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:116)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:117)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:473)
at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:318)
at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:288)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:84)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
at org.eclipse.jetty.server.Server.handle(Server.java:517)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:153)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at com.zimbra.cs.util.CertValidationUtil.validateCertificate(CertValidationUtil.java:67)
at com.zimbra.cs.smime.SmimeCryptoUtil.validateCertificate(SmimeCryptoUtil.java:320)
Jean-Claude
Posts: 3
Joined: Fri Jun 23, 2017 1:34 pm

Re: New Secure Email Zimlet

Postby Jean-Claude » Fri Jun 30, 2017 9:16 am

Hi
I can upload my certificate, thanks to the support.

If value returns TRUE then set it to FALSE by executing below command :
zmprov mcf zimbraSmimeOCSPEnabled FALSE

But now i can't encrypt email.

Message encryption failed. No valid public certificate found for name@address.fr

How can i upload a public certificate of other people ?

Thanks
danielfarrelly
Advanced member
Advanced member
Posts: 144
Joined: Fri Sep 12, 2014 10:32 pm

Re: New Secure Email Zimlet

Postby danielfarrelly » Thu Aug 10, 2017 4:07 pm

Use Firefox to create and download Comodo email certificate in pkcs12. Backup cert with key to smime keystore. Upload pkcs12 to account. Convert pkcs12 to pem without key. Share pem cert with whomever (Make sure contact you're trying to send encrypted email has public cert attached).

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 11 guests