New Secure Email Zimlet

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
User avatar
oetiker
Outstanding Member
Outstanding Member
Posts: 275
Joined: Fri Mar 07, 2014 1:05 pm
Location: Switzerland
ZCS/ZD Version: Release 10.0.6.GA.4518.UBUNTU20_64
Contact:

New Secure Email Zimlet

Post by oetiker »

Hi

Since Zimbra 8.7.5_GA_1764 there is a new Secure Email Zimlet. I tried to upload my certificat in p12 format. It's a free Comodo smime
certificat.

o I did a export from firefox with the backup option.

But I get only import errors from zimbra during the upload.

Is there a working procedure to import a certificate to the Secure Email zimlet?

thanks Manuel
Jean-Claude
Posts: 3
Joined: Fri Jun 23, 2017 1:34 pm

Re: New Secure Email Zimlet

Post by Jean-Claude »

Hi Manuel

Did you succeed whith this zimlet.

My certificate is from Terena.

I'am trying to upload and i have some errors :

Code:smime.CERT_VALIDATION_FAILED
at com.zimbra.cs.service.smime.SmimeServiceException.CERT_VALIDATION_FAILED(SmimeServiceException.java:87)
at com.zimbra.cs.smime.SmimeCryptoUtil.validateCertificate(SmimeCryptoUtil.java:338)
at com.zimbra.cs.service.smime.SaveSmimeCertificate.save(SaveSmimeCertificate.java:121)
at com.zimbra.cs.service.smime.SaveSmimeCertificate.handle(SaveSmimeCertificate.java:95)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:607)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:460)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:273)
at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:303)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:213)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685)
at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:158)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:116)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:117)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:473)
at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:318)
at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:288)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:84)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
at org.eclipse.jetty.server.Server.handle(Server.java:517)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:153)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
at com.zimbra.cs.util.CertValidationUtil.validateCertificate(CertValidationUtil.java:67)
at com.zimbra.cs.smime.SmimeCryptoUtil.validateCertificate(SmimeCryptoUtil.java:320)
Jean-Claude
Posts: 3
Joined: Fri Jun 23, 2017 1:34 pm

Re: New Secure Email Zimlet

Post by Jean-Claude »

Hi
I can upload my certificate, thanks to the support.

If value returns TRUE then set it to FALSE by executing below command :
zmprov mcf zimbraSmimeOCSPEnabled FALSE

But now i can't encrypt email.

Message encryption failed. No valid public certificate found for name@address.fr

How can i upload a public certificate of other people ?

Thanks
danielfarrelly
Advanced member
Advanced member
Posts: 145
Joined: Fri Sep 12, 2014 10:32 pm

Re: New Secure Email Zimlet

Post by danielfarrelly »

Use Firefox to create and download Comodo email certificate in pkcs12. Backup cert with key to smime keystore. Upload pkcs12 to account. Convert pkcs12 to pem without key. Share pem cert with whomever (Make sure contact you're trying to send encrypted email has public cert attached).
Post Reply