Certificate Question

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
myk.robinson
Posts: 3
Joined: Mon Mar 20, 2017 4:32 pm

Certificate Question

Post by myk.robinson »

Let me start by saying, I have never touched a zimbra server before today.

We have a new client who has a self hosted Zimbra mail server, and the certificate expired today. I did some Google-Fu and was able to generate another self signed certificate. and the dates are matching in the Zimbra admin panel:

Image

http://imgur.com/a/byTHm

However, when I visit the URL, it still shows a security error as if the certificate is not quite working. I did restart the Zimbra server, as recommended in the article I was reading.

Talk to me like I am five, What is the proper method to get this issue resolved?

Image

http://imgur.com/a/koheO

Thanks
User avatar
howanitz
Advanced member
Advanced member
Posts: 65
Joined: Mon Feb 01, 2016 9:27 am

Re: Certificate Question

Post by howanitz »

The best thing to do would be to purchase and install a certificate from a certificate authority. That way there will be a chain of trust, and you will not get that error on any common web browsers. You are looking at about $18 per year.

As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:

https://support.solarwinds.com/Success_ ... ertificate
myk.robinson
Posts: 3
Joined: Mon Mar 20, 2017 4:32 pm

Re: Certificate Question

Post by myk.robinson »

howanitz wrote:The best thing to do would be to purchase and install a certificate from a certificate authority. That way there will be a chain of trust, and you will not get that error on any common web browsers. You are looking at about $18 per year.

As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:

https://support.solarwinds.com/Success_ ... ertificate
Thanks for the response.

Their domain name is maintained by their ISP which is Charter Communications. Will they need to be involved at all, or do I just purchase a certificate and install it into the Zimbra server?

Thanks
User avatar
howanitz
Advanced member
Advanced member
Posts: 65
Joined: Mon Feb 01, 2016 9:27 am

Re: Certificate Question

Post by howanitz »

There are a number of ways to prove ownership of the domain. If you can receive email for postmaster@ or hostmaster@ you should be fine.

https://wiki.zimbra.com/wiki/Administra ... cate_Tools

I like the Thawte ssl123, but there are many options at different price points. I have only ever been successful installing from cli. Search the forums, and you should find examples of tips for installing commercial ssl certificates from the different CAs.

https://www.rapidsslonline.com/ssl-bran ... sl123.aspx
myk.robinson
Posts: 3
Joined: Mon Mar 20, 2017 4:32 pm

Re: Certificate Question

Post by myk.robinson »

@howanitz, thanks for the assist. I bought an SSL certificate through Go Daddy. Generated the CSR and installed the certs through the Zimbra administration control panel without issue. Everything is working as it should now :)

Thanks again.
mikehomee
Posts: 2
Joined: Thu Feb 09, 2017 6:01 am

Re: Certificate Question

Post by mikehomee »

Hi! I'm also new to ZImbra. And a clients has an existing setup with SSL issue due to SHA1 security. How can I change/update it? Will replacing the commercial.crt file do?

Thanks!
User avatar
howanitz
Advanced member
Advanced member
Posts: 65
Joined: Mon Feb 01, 2016 9:27 am

Re: Certificate Question

Post by howanitz »

Yes, same procedure, purchase and install a new commercial certificate.
Post Reply