help needed with ipad/iphone zimbra certificate

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
glenndm
Advanced member
Advanced member
Posts: 111
Joined: Fri Sep 12, 2014 10:35 pm
ZCS/ZD Version: Zimbra 8.8.15_GA_3847 (build 201908

help needed with ipad/iphone zimbra certificate

Postby glenndm » Tue Aug 25, 2020 3:39 pm

Hi,
Everytime I need to configure an iphone/ipad for zimbra, it's the same painful experience:
what has changed now to get it to accept the zimbra certificate ?

Here again: with an IOS 13.6 ipad, the zimbra self-signed certificate refuses to be trusted

The zimbra certificate is a self-signed one provided with the zimbra install with an expiration date of december 2027

failed attempts: (which worked in the past, but no longer)
1) put the .cer file on a webserver. open safari to the file. the cer file is downloaded and put in a profile.
the certificate can be installed, albeit with several warnings that it cannot be verified and must be approved by the user
-> the certificate in the profile stated "not verified" or "not trusted".
no option to accept it

2) using apple configurator, a profile is created containing the certificate.
that profile is added to the device.
-> the certificate in the profile stated "not verified" or "not trusted".
no option to accept it

3) under general, info/about, certificate trust settings
on previous versions, the certificate could be accepted here
-> not anymore


I saw a post somewhere, that Apple refuses certificates with a validity of more than 825 days. My certificate is such.
Is this correct?
Can I create a second certificate on the Zimbra server with a shorter validity and keeping that along with the current one?
I don't want to disrupt the current ipads/ iphones in use.

Or is the only viable option to give in and buy a commercial certificate?
best regards
glenn


User avatar
fs.schmidt
Outstanding Member
Outstanding Member
Posts: 262
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil
Contact:

Re: help needed with ipad/iphone zimbra certificate

Postby fs.schmidt » Tue Aug 25, 2020 3:59 pm

Hello,

You need to deploy a valid certificate in order to make it work properly.

You can use a free valid certificate from Let's Encrypt or buy a certificate.
My best regards,
Fabio S. Schmidt
http://www.bktech.com.br
Brasília - Brazil
glenndm
Advanced member
Advanced member
Posts: 111
Joined: Fri Sep 12, 2014 10:35 pm
ZCS/ZD Version: Zimbra 8.8.15_GA_3847 (build 201908

Re: help needed with ipad/iphone zimbra certificate

Postby glenndm » Tue Aug 25, 2020 4:21 pm

thank you for replying (so quickly)

so it is the last then "Or is the only viable option to give in and buy a commercial certificate?" (granted let's encrypt is not commercial)

a sidenote: for me, the self-signed certificate is valid, I have total control over server and client. now I need to trust a 3rd party because everyone says so :(
best regards
BradC
Advanced member
Advanced member
Posts: 76
Joined: Tue May 03, 2016 1:39 am

Re: help needed with ipad/iphone zimbra certificate

Postby BradC » Tue Aug 25, 2020 11:45 pm

Is the certificate you are deploying a chained cert with the CA in there also?

I have no issues installing a CA on the ipad, then installing the cert that was signed by the CA.

I don't use certificates created by Zimbra so I don't know how the are structured. I generate self-signed certs for a few services in our system. As long as the root CA is installed first it just works.
Jordack
Posts: 34
Joined: Sat Sep 13, 2014 2:15 am

Re: help needed with ipad/iphone zimbra certificate

Postby Jordack » Mon Aug 31, 2020 2:10 am

Any time you use a self signed cert you will have have issues. However you should be able to push the CA cert to the iOS device through MDM

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 15 guests