help needed with ipad/iphone zimbra certificate

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
glenndm
Advanced member
Advanced member
Posts: 125
Joined: Fri Sep 12, 2014 10:35 pm
ZCS/ZD Version: Release 8.8.15.GA.3829.UBUNTU16.64

help needed with ipad/iphone zimbra certificate

Post by glenndm »

Hi,
Everytime I need to configure an iphone/ipad for zimbra, it's the same painful experience:
what has changed now to get it to accept the zimbra certificate ?

Here again: with an IOS 13.6 ipad, the zimbra self-signed certificate refuses to be trusted

The zimbra certificate is a self-signed one provided with the zimbra install with an expiration date of december 2027

failed attempts: (which worked in the past, but no longer)
1) put the .cer file on a webserver. open safari to the file. the cer file is downloaded and put in a profile.
the certificate can be installed, albeit with several warnings that it cannot be verified and must be approved by the user
-> the certificate in the profile stated "not verified" or "not trusted".
no option to accept it

2) using apple configurator, a profile is created containing the certificate.
that profile is added to the device.
-> the certificate in the profile stated "not verified" or "not trusted".
no option to accept it

3) under general, info/about, certificate trust settings
on previous versions, the certificate could be accepted here
-> not anymore


I saw a post somewhere, that Apple refuses certificates with a validity of more than 825 days. My certificate is such.
Is this correct?
Can I create a second certificate on the Zimbra server with a shorter validity and keeping that along with the current one?
I don't want to disrupt the current ipads/ iphones in use.

Or is the only viable option to give in and buy a commercial certificate?
best regards
glenn
User avatar
fs.schmidt
Outstanding Member
Outstanding Member
Posts: 278
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil
Contact:

Re: help needed with ipad/iphone zimbra certificate

Post by fs.schmidt »

Hello,

You need to deploy a valid certificate in order to make it work properly.

You can use a free valid certificate from Let's Encrypt or buy a certificate.
Best regards.
Fabio S. Schmidt
http://www.bktech.com.br
Brasília - Brazil
glenndm
Advanced member
Advanced member
Posts: 125
Joined: Fri Sep 12, 2014 10:35 pm
ZCS/ZD Version: Release 8.8.15.GA.3829.UBUNTU16.64

Re: help needed with ipad/iphone zimbra certificate

Post by glenndm »

thank you for replying (so quickly)

so it is the last then "Or is the only viable option to give in and buy a commercial certificate?" (granted let's encrypt is not commercial)

a sidenote: for me, the self-signed certificate is valid, I have total control over server and client. now I need to trust a 3rd party because everyone says so :(
best regards
BradC
Outstanding Member
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Re: help needed with ipad/iphone zimbra certificate

Post by BradC »

Is the certificate you are deploying a chained cert with the CA in there also?

I have no issues installing a CA on the ipad, then installing the cert that was signed by the CA.

I don't use certificates created by Zimbra so I don't know how the are structured. I generate self-signed certs for a few services in our system. As long as the root CA is installed first it just works.
Jordack
Posts: 34
Joined: Sat Sep 13, 2014 2:15 am

Re: help needed with ipad/iphone zimbra certificate

Post by Jordack »

Any time you use a self signed cert you will have have issues. However you should be able to push the CA cert to the iOS device through MDM
Post Reply