Hi!
I'm using an old ZCS 6. I'm migrating it to a newer version but it take time...
I'm trying to implement SSL/TLS on imap and smtp connections on the current system, so i've issued a new certificate (with wildcard *.domain.com) via the admin web console.
I've installed the certificate in the Trusted Root Certification Authorities Certificate Store at the clients, but i still get an error when outlook connects to the server. Looking at the certificate is missing the issuer so that the certificate can't be verified.
How i can fix this? I need to creade a self signed certificate with correct issuer and deploy it to the clients?
Really thanks!
ZCS and Self issued certificate
- zimico
- Outstanding Member
- Posts: 225
- Joined: Mon Nov 14, 2016 8:03 am
- Location: Vietnam
- ZCS/ZD Version: 8.8.15 P3
- Contact:
Re: ZCS and Self issued certificate
Hi. Outlook does not accept self signed cert. You have to use a commercial one.
Regards.
Regards.
Re: ZCS and Self issued certificate
The error that i get is "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider". In windows normally you can fix this installing the root certificate of the server in the local Trusted Root Certification Authorities Certificate Store, so that the certificate can be trusted. If i open the certificate i get a warning about missing the issuer.
there isn't a way to fix this using simply self signed? The root certificate is easly deployed by GPO....
Really thanks for the help...
there isn't a way to fix this using simply self signed? The root certificate is easly deployed by GPO....
Really thanks for the help...
- zimico
- Outstanding Member
- Posts: 225
- Joined: Mon Nov 14, 2016 8:03 am
- Location: Vietnam
- ZCS/ZD Version: 8.8.15 P3
- Contact:
Re: ZCS and Self issued certificate
You can search this forum about this issue. You can install root cert on windows for old outlook version. However, from outlook 2010, as i remember, you have to use "commercial" one (and letsencrypt, etc).
Regards.
Regards.
Re: ZCS and Self issued certificate
Hi!
I've exported the root certificate with:
openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der
Installed in the trusetd root store, and the warning message is gone away.
I've exported the root certificate with:
openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der
Installed in the trusetd root store, and the warning message is gone away.
- zimico
- Outstanding Member
- Posts: 225
- Joined: Mon Nov 14, 2016 8:03 am
- Location: Vietnam
- ZCS/ZD Version: 8.8.15 P3
- Contact:
Re: ZCS and Self issued certificate
Thank you. I test in my system and it's OK. It's nice to know that now I can import the cert and both outlook and browser are "green"
Regards,
Regards,