Let me start by saying, I have never touched a zimbra server before today.
We have a new client who has a self hosted Zimbra mail server, and the certificate expired today. I did some Google-Fu and was able to generate another self signed certificate. and the dates are matching in the Zimbra admin panel:
http://imgur.com/a/byTHm
However, when I visit the URL, it still shows a security error as if the certificate is not quite working. I did restart the Zimbra server, as recommended in the article I was reading.
Talk to me like I am five, What is the proper method to get this issue resolved?
http://imgur.com/a/koheO
Thanks
Certificate Question
Re: Certificate Question
The best thing to do would be to purchase and install a certificate from a certificate authority. That way there will be a chain of trust, and you will not get that error on any common web browsers. You are looking at about $18 per year.
As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:
https://support.solarwinds.com/Success_ ... ertificate
As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:
https://support.solarwinds.com/Success_ ... ertificate
-
- Posts: 3
- Joined: Mon Mar 20, 2017 4:32 pm
Re: Certificate Question
Thanks for the response.howanitz wrote:The best thing to do would be to purchase and install a certificate from a certificate authority. That way there will be a chain of trust, and you will not get that error on any common web browsers. You are looking at about $18 per year.
As a work around, you can accept your self-signed certificate on each browser you connect with. Here are instructions:
https://support.solarwinds.com/Success_ ... ertificate
Their domain name is maintained by their ISP which is Charter Communications. Will they need to be involved at all, or do I just purchase a certificate and install it into the Zimbra server?
Thanks
Re: Certificate Question
There are a number of ways to prove ownership of the domain. If you can receive email for postmaster@ or hostmaster@ you should be fine.
https://wiki.zimbra.com/wiki/Administra ... cate_Tools
I like the Thawte ssl123, but there are many options at different price points. I have only ever been successful installing from cli. Search the forums, and you should find examples of tips for installing commercial ssl certificates from the different CAs.
https://www.rapidsslonline.com/ssl-bran ... sl123.aspx
https://wiki.zimbra.com/wiki/Administra ... cate_Tools
I like the Thawte ssl123, but there are many options at different price points. I have only ever been successful installing from cli. Search the forums, and you should find examples of tips for installing commercial ssl certificates from the different CAs.
https://www.rapidsslonline.com/ssl-bran ... sl123.aspx
-
- Posts: 3
- Joined: Mon Mar 20, 2017 4:32 pm
Re: Certificate Question
@howanitz, thanks for the assist. I bought an SSL certificate through Go Daddy. Generated the CSR and installed the certs through the Zimbra administration control panel without issue. Everything is working as it should now
Thanks again.
Thanks again.
Re: Certificate Question
Hi! I'm also new to ZImbra. And a clients has an existing setup with SSL issue due to SHA1 security. How can I change/update it? Will replacing the commercial.crt file do?
Thanks!
Thanks!
Re: Certificate Question
Yes, same procedure, purchase and install a new commercial certificate.