Well, I finally made some progress. Of course, being relatively new to CAs, certificate trust chains, etc. I ended up wasting half my day figuring it out.
Most of the research I did pointed to importing the certificate presented to the browser when using the ZWC into the Trusted Root Certification Authorities store, which no matter how many dozens of ways I did it made no difference. I ended up going into /opt/zimbra/ssl/zimbra/ca and converting the PEM format ca.pem certificate into Windows compatible DER format:
openssl x509 -inform PEM -in ca.pem -outform DER -out ca.cer
Then I imported this into the Trusted Root Certification Authorities store and finally I’m not getting the warnings from IE.
I did have one more question for anyone knowledgeable with certificates and domains/DNS. I’d like to use the servers host name as the URL instead of the FQDN (e.g. https://mail/ instead of https://mail.subdomain.domain.com/) to simplify things, but of course the browser then complains the URL doesn’t match the certificate (issued to mail.subdomain.domain.com). Anyone know if this is possible without getting the warnings? I tried to create a certificate using just the hostname but it requires a proper domain name.
Reply With Quote Quick reply to this message
EnSn
View Public Profile
Send a private message to EnSn
Find all posts by EnSn
Add EnSn to Your Buddy List
#3 (permalink) Add to raj’s Reputation Report Post
Old 03-08-2010, 06:06 PM
raj’s Avatar
raj raj is offline
Moderator
raj’s Zimbra Wiki Sandbox Page
Joined: Oct 2005 – Rep: 6 x 6 raj will become famous soon enoughraj will become famous soon enoughraj will become famous soon enough
Location: USA, Canada and India
ZCS/ZD Version: Release 5.0.18_GA FOSS Ed., CentOS 5.3 on VMware ESXi
Posts: 592
Default
just for future …you can just download the ca.pem and rename to ca.crt and double click on it in windows the install the cert..no need to convert
Raj
