A new security patch has been released to further address CVE-2022-27924.
This issue has been ranked as High by the Zimbra Team and we recommend that you use the most recent release available to avoid any issues.
https://blog.zimbra.com/2022/05/new-zimbra-security-patches-9-0-0-patch-24-1-and-8-8-15-patch-31-1/ (May 10th 2022)

Intranet sign in

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
Posts: 2
Joined: Thu Jan 13, 2022 3:26 am

Intranet sign in

Postby zimbraNewbie » Thu Jan 13, 2022 3:55 am

Hi all,

The place I work hired a contractor to install Zimbra on Centos7 and the project has been delivered.

For reasons unknown to me, certificate configuration and some other things were not included as a deliverable.
So I've come back from leave and had the Zimbra solution handed to me and already there is an issue.

As I said, Zimbra is installed on Centos7, but to administer it I go to the intranet address 'https://ipaddress:7071/zimbraAdmin'.
However, the certificate is not trusted so i get an error on HTTPS (see pic below for details)

The certificate that the browser sees is a self-signed cert which is from the Zimbra server.
I exported that cert and installed it on the local Windows machine I was using, into both the Trusted Root Certification Authority store of the local machine and current user but it still fails.

So I have a feeling that there is more to the configuration then simply importing the cert onto the local machine. Perhaps related to the private key?
I'm not a Linux expert so does anyone know how to get HTTPS working for Zimbra login?

Note: I've searched the forum and also read the installation and admin guide, I can't see any mention of how to do this.

zimbra ssl.png
zimbra ssl.png (54.31 KiB) Viewed 2449 times

User avatar
Outstanding Member
Outstanding Member
Posts: 708
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 8.8.15_P31.1 RHEL8 Network Edition

Re: Intranet sign in

Postby JDunphy » Fri Jan 14, 2022 4:13 pm

Different browsers have different lengths for certificate validation but 1 year is generally the maximum safe acceptable period for most browsers in 2022. Meaning - creating self signed certificates longer than a year can create problems because you will need to know which browsers to use and which ones are moving to even shorter periods. Most of the major browsers will not accept certificates over 1 year in duration without complaining. Reissue your certificate for 1 year and see if that helps.

You can google this yourself what the constraints are for your browser but this came up first from a commercial certificate issuer.

Ref: https://www.godaddy.com/garage/ssl-term-change-2021/

If you want to move to a PKI issued certificate so you don't have to update every browser, you could use a free certificate like letsencrypt which is what many of us do. These forums and wiki's are littered with how to articles on that.

Ref: https://wiki.zimbra.com/wiki/Installing ... ertificate

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 50 guests