Our server (8.6.0_GA_1242) certificate is due for renewal - our issuer (Gandi) gives a warning about needing a new CSR. I've used the Zimbra Admin Certificates GUI wizard and ticked the option for "Replace the current CSR" and have even gone so far as to manually backup then delete the commercial.key file to ensure a new key file is being created (it is).
However, using this approach the content of the CSR is always identical to the previous CSR. I went through the steps 6 times, tried changing the Digest size from SHA256 up to SHA512, but the CSR result was always the same.
The only way I've been able to force a new CSR is to use the CLI version of regeneration, following the example under the Wiki https://wiki.zimbra.com/wiki/Administra ... ertificate and adjustng the subject / domain to our values. I then copied the new CSR to the mounted remote backup so that I could pick up the file on my desktop PC...
This makes me wonder if the Admin GUI's regen method has a bug and is not passing the "-new" parameter to the command? (I don't know if that's the cause, but this seems to fit what I've seen on our system).
Has anyone else experienced this issue with the GUI tool?
- Zimbra Collaboration 9.0.0 now available. Read the release notes.
- Zimbra Collaboration 8.8.15 LTS now available. Read the release notes.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub, Blog and the Community Github.
- Zimbra is Open Source! Read the FAQ. You can also contribute and build binary from source!
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
2 posts • Page 1 of 1
I also found that I had to complete the install of the new certificate with the CLI commands as the GUI version for "install" and loading the certificates gave an error. The CLI method uses cat to combine the Root and Intermediate certificates (required for Gandi certs) - it's possible that had I used the combined cert in the GUI rather than the separate Root bundle and the Intermediary seperately the GUI may have worked, but I didn't consider testing that until afterwards - I just wanted to finish the job...
Who is online
Users browsing this forum: No registered users and 8 guests