Long time user of Zimbra, just upgraded from 8.6 to 8.7.11.
All seems OK after following instructions here https://wiki.zimbra.com/wiki/Zimbra_Rel ... .0/Upgrade.
I've been using a CACERT certificate for several years, and it works in 8.7.11 (admin console and end-user), however I cannot use zmprov CLI when this certificate is deployed.
As user Zimbra. when I type just zmprov, I get:
Code: Select all
ERROR: zclient.IO_ERROR (invoke java.security.cert.CertificateException: Certificates does not conform to algorithm constraints, server: localhost) (cause: javax.net.ssl.SSLHandshakeException java.security.cert.CertificateException: Certificates does not conform to algorithm constraints)
Steps I have tried:
- deploying a self-signed cert - yes all OK, I can use use zmprov again
- Redeploying the CACERT cert - same problem, and no errors when deploying
- Checks - appears listed in in Admin console OK
- openssl x509 -text -noout -in /opt/zimbra/ssl/zimbra/commercial/commercial.crt - gives what you would expect.
- I checked openssl s_client -showcerts -connect localhost:443, get the same as the old 8.60 install
The only hints I can find on the Net relate to obsolete certificate signing, but this reports sha512WithRSAEncryption
Appreciate any help, thanks
