Well, I finally made some progress. Of course, being relatively new to CAs, certificate trust chains, etc. I ended up wasting half my day figuring it out.
Most of the research I did pointed to importing the certificate presented to the browser when using the ZWC into the Trusted Root Certification Authorities store, which no matter how many dozens of ways I did it made no difference. I ended up going into /opt/zimbra/ssl/zimbra/ca and converting the PEM format ca.pem certificate into Windows compatible DER format:
openssl x509 -inform PEM -in ca.pem -outform DER -out ca.cer
Then I imported this into the Trusted Root Certification Authorities store and finally I’m not getting the warnings from IE.
I did have one more question for anyone knowledgeable with certificates and domains/DNS. I’d like to use the servers host name as the URL instead of the FQDN (e.g. https://mail/ instead of https://mail.subdomain.domain.com/) to simplify things, but of course the browser then complains the URL doesn’t match the certificate (issued to mail.subdomain.domain.com). Anyone know if this is possible without getting the warnings? I tried to create a certificate using just the hostname but it requires a proper domain name.
Reply With Quote Quick reply to this message
View Public Profile
Send a private message to EnSn
Find all posts by EnSn
Add EnSn to Your Buddy List
#3 (permalink) Add to raj’s Reputation Report Post
Old 03-08-2010, 06:06 PM
raj raj is offline
raj’s Zimbra Wiki Sandbox Page
Joined: Oct 2005 – Rep: 6 x 6 raj will become famous soon enoughraj will become famous soon enoughraj will become famous soon enough
Location: USA, Canada and India
ZCS/ZD Version: Release 5.0.18_GA FOSS Ed., CentOS 5.3 on VMware ESXi
just for future …you can just download the ca.pem and rename to ca.crt and double click on it in windows the install the cert..no need to convert