[SOLVED] Self-signed certificates not trusted

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
symo
Posts: 16
Joined: Sat Sep 13, 2014 2:55 am

[SOLVED] Self-signed certificates not trusted

Postby symo » Thu Sep 07, 2017 3:04 pm

Hello, on my devices I started to get an error related to self signed certificates that could not be trusted by email clients, so it's impossible to send email. I tried to regenerate the certificate following the kb article 21727 but I still can't send email both from computer and mobile devices.
Is there any workaround to solve this issue?

Thanks in advance
Simone


phoenix
Ambassador
Ambassador
Posts: 26244
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Self-signed certificates not trusted

Postby phoenix » Thu Sep 07, 2017 3:34 pm

The 'workaround' would be to get yourself a certificate issued by a trusted authority. They usually cost money but if you don't want to pay then you could look at getting a certificate from LetsEncrypt, read all about it here: https://letsencryptonline.com/ There's also a sticky 'how to' thread in this Administrators forum, have a read of that for full details on what you need to do for Zimbra.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
symo
Posts: 16
Joined: Sat Sep 13, 2014 2:55 am

Re: Self-signed certificates not trusted

Postby symo » Thu Sep 07, 2017 3:55 pm

Thanks phoenix!
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2769
Joined: Thu May 22, 2014 4:47 pm

Re: [SOLVED] Self-signed certificates not trusted

Postby jorgedlcruz » Thu Sep 07, 2017 4:58 pm

Hi Symo,
I've been using for production Comodo SSL Certificates, you can find the wiki page here:
And on namecheap the price is really low:

Make sure you protect both your FQDN and your servername, so for example if your servername is myserver.domain.com and your FQDN is mail.domain.com you will need to buy a multi-SAN (multidomain SSL) or a Wildcard, if both are the same, then you are lucky enough to have a really cheap options on namecheap.

Or go with the Let's Encrypt as phoenix said, I wanted to give an alternative option.

Cheers
Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 19 guests