How to import a Zimbra trusting cert into IE

Well, I finally made some progress. Of course, being relatively new to CAs, certificate trust chains, etc. I ended up wasting half my day figuring it out.

Most of the research I did pointed to importing the certificate presented to the browser when using the ZWC into the Trusted Root Certification Authorities store, which no matter how many dozens of ways I did it made no difference. I ended up going into /opt/zimbra/ssl/zimbra/ca and converting the PEM format ca.pem certificate into Windows compatible DER format:

openssl x509 -inform PEM -in ca.pem -outform DER -out ca.cer

Then I imported this into the Trusted Root Certification Authorities store and finally I’m not getting the warnings from IE.

I did have one more question for anyone knowledgeable with certificates and domains/DNS. I’d like to use the server’s host name as the URL instead of the FQDN (e.g. https://mail/ instead of https://mail.subdomain.domain.com/) to simplify things, but of course the browser then complains the URL doesn’t match the certificate (issued to mail.subdomain.domain.com). Anyone know if this is possible without getting the warnings? I tried to create a certificate using just the hostname but it requires a proper domain name.
EnSn
#3 raj (Moderator), 03-08-2010, 06:06 PM
Just for the future … you can just download the ca.pem, rename it to ca.crt, and double-click on it in Windows to install the cert. No need to convert.

Raj
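
The name mismatch in the first post's question (https://mail/ against a certificate issued to mail.subdomain.domain.com) comes down to how a client compares the URL host with the names in the certificate. The sketch below is an added example, not code from the thread or from Zimbra; it follows the RFC 2818 rule (subjectAltName DNS names first, subject CN only when there are none), and the two-name certificate is a constructed assumption.

```python
from urllib.parse import urlsplit

FQDN = "mail.subdomain.domain.com"
# Constructed name sets: the certificate described in the post carries only
# the FQDN; the second lists the short host name as an extra SAN entry.
CN_ONLY = {"san": [], "cn": FQDN}
BOTH_NAMES = {"san": [FQDN, "mail"], "cn": FQDN}


def _labels(name):
    """Lower-case a DNS name, drop trailing dots, split into labels."""
    return name.lower().rstrip(".").split(".")


def dns_name_matches(presented, host):
    """True if one certificate name (exact or '*.x.y') covers `host`."""
    p, h = _labels(presented), _labels(host)
    if len(p) != len(h):
        # "mail" (1 label) can never equal "mail.subdomain.domain.com" (4).
        return False
    if p[0] == "*" and len(p) > 2:
        # A wildcard stands for exactly one leftmost label.
        return p[1:] == h[1:]
    return p == h


def url_matches_cert(url, san_dns_names, common_name=None):
    """Check the host in `url` against a certificate's names.

    SAN dNSName entries take precedence; the subject CN is consulted only
    when the certificate carries no SAN DNS names (RFC 2818).
    """
    host = urlsplit(url).hostname
    if host is None:
        return False
    names = list(san_dns_names) or ([common_name] if common_name else [])
    return any(dns_name_matches(n, host) for n in names)


if __name__ == "__main__":
    for url in ("https://mail.subdomain.domain.com/", "https://mail/"):
        for label, cert in (("CN only", CN_ONLY), ("FQDN + short SAN", BOTH_NAMES)):
            ok = url_matches_cert(url, cert["san"], cert["cn"])
            print(f"{url:40} {label:18} {'match' if ok else 'MISMATCH'}")
```

A certificate matches https://mail/ only if "mail" itself appears among its names, which is why trusting the CA removes the untrusted-issuer warning but not the name warning.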

MS Age of Empires Settings

How to get pop 200 offline: click Start, Programs, Microsoft Games, Age of Empires, then right-click the Age of Empires icon and go to Properties. Select the Target box; it should say “C:\Program Files\Microsoft Games\Age of Empires\Empires.exe”. You need to add limit=200 at the end of it so it reads “C:\Program Files\Microsoft Games\Age of Empires\Empires.exe” limit=200. Then launch the game from Start / Programs / Microsoft Games / Age of Empires / Age of Empires. When it has opened, go to MULTIPLAYER, type in any name, choose Internet TCP/IP, and click OK. Now press CREATE, enter any game name, and you’re ready to play with pop 200 offline. It seems hard the first time, but you get the hang of it easily.

UPnP Problems?

For some reason, on my home LAN, I have trouble playing Age of Empires. I know, it’s an old game, but I still like to play it. I’m connected at home via a Linksys WRT54G-L. I’ve also connected up a Netgear MR814 used as a hub, but I don’t think that’s the issue. I’m not using dhcp on either of those boxes – I have a separate machine as a dhcp server. Anyways, clicking “Show games” would never work! I thought initially it was some software issue, so I reinstalled Windows and it still didn’t work. I swapped out the WRT54G-L for a switch and then it worked! After some googling, I found that it might be the UPnP. Hopefully, this fixes it. It works now, but then again, it used to work before too. We’ll see.

DHCP server with DDNS

authoritative;
include "/etc/bind/rndc.key";
server-identifier chunli.shocknetwork.com.;
ddns-domainname "shocknetwork.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ddns-updates on;
ignore client-updates;
zone shocknetwork.com. {
    primary 127.0.0.1;
    key rndc-key;
}
default-lease-time 21600; # 6 hours
max-lease-time 43200; # 12 hours
option domain-name "shocknetwork.com";
option domain-name-servers chunli.shocknetwork.com, resolver1.opendns.com;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.200;
    option domain-name-servers chunli.shocknetwork.com, resolver1.opendns.com;
    option domain-name "shocknetwork.com";
    option routers 192.168.0.1;
    option broadcast-address 192.168.0.255; # broadcast address of 192.168.0.0/24
    default-lease-time 600;
    max-lease-time 7200;
    zone 0.168.192.in-addr.arpa. {
        primary 192.168.0.3;
        key rndc-key;
    }
    zone localdomain. {
        primary 192.168.0.3;
        key rndc-key;
    }
}

/etc/named.conf (I’m using Ubuntu 6, so it’s actually /etc/bind/named.conf and named.options, etc., but for the sake of simplicity, I’ll put them all together):

options {
    directory "/var/cache/bind";
    auth-nxdomain no; # conform to RFC1035
};
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
// Add local zone definitions here.
zone "shocknetwork.com" {
    type master;
    file "/etc/bind/shocknetwork.com.zone";
    allow-update { key "rndc-key"; };
    notify yes;
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/0.168.192.in-addr.arpa.zone";
    allow-update { key "rndc-key"; };
    notify yes;
};
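include "/etc/bind/rndc.key";

Some troubleshooting tips:

1) Turn on logging for DNS:

logging {
    // The file and print-* options belong to a channel; the category
    // then sends its messages to that channel by name.
    channel "debug" {
        file "/tmp/nameddbg" versions 2 size 50m;
        print-time yes;
        print-category yes;
    };
    category "default" { "debug"; };
};

That’s about it – it should give you all you need.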

Microsoft a "Thought Leader" in virtualization?

http://arstechnica.com/news.ars/post/20 … ifted.html The quote:

Quote:
Anytime I write about Microsoft and virtualization, someone e-mails me to remind me that Apple doesn’t allow the virtualization of its client OS, which would seem to make Microsoft a “thought leader” according to some of you. Others wonder if/when Cupertino would ever allow it.
What kind of bullshit is that!? The only time Microshaft ever got into Virtualization was when they bought the technology from Connectix back in the days! VMware was in the business way before that! Here’s the whole bullshit article:

Microsoft relents: Vista consumer virtualization ban lifted
By Ken Fisher | Published: January 21, 2008 – 01:39PM CT

It only took them a year longer than it should have, but Microsoft has finally relented and approved the use of Windows Vista Basic and Premium Edition in virtualized environments, for both “consumers” and business users. Among other things, the change means that Mac and Linux users can now run Windows Vista in a VM without having to pay for the more expensive Business or Ultimate editions. This is a boon to anyone who needs virtualized environments for testing and development.

“For consumers, Windows Vista Home Basic and Windows Vista Home Premium are now licensed for use in a virtual machine environment,” the company said in a statement. An updated end-user license agreement will be posted later at this location.

The move isn’t a total surprise, even if it is months late. The company came very close to repealing its ban last summer, only to inexplicably pull the plug at the last minute. On the record, Microsoft said that the ban stemmed from their view that virtualization “is not yet mature enough from a security perspective for broad consumer adoption.” To be frank, we never bought this excuse, because you could get the “maturity” needed to virtualize Vista for the $60+ premium that Business costs over and against Home Premium. That debate is history now.

The announcement kicks off Microsoft’s Virtualization Deployment Summit, which begins in earnest tomorrow. The company is also expected to tout several other developments for business virtualization over the two-day summit, including the acquisition of Calista Technologies and an expanded partnership with Citrix. Microsoft is beating the virtualization drum hard, gearing up for what will likely be a protracted war with the perceived industry leader, VMWare.

Microsoft’s message is going to be ease-of-use and cost. Bob Muglia, senior vice president of the Server and Tools Business at Microsoft, said in a statement that Microsoft estimates that “less than 5 percent of companies are utilizing virtualization technology because it is simply too cost-prohibitive and complex.” Microsoft argues that it has the most “economical” approach to virtualization from desktop to datacenter, and lowering the cost barrier on the client certainly helps.

Still, while great news for users who want to virtualize Vista legally, and on the cheap, it’s still an open question when businesses will begin migrating to Vista in force, and if any of that migration will feature significant virtualization on the client end.

Cupertino, please start your copiers, please?!

Anytime I write about Microsoft and virtualization, someone e-mails me to remind me that Apple doesn’t allow the virtualization of its client OS, which would seem to make Microsoft a “thought leader” according to some of you. Others wonder if/when Cupertino would ever allow it. It’s true that Apple doesn’t allow client virtualization, and I think I speak for just about everyone when I say that no one believes it’s likely to happen soon. Apple doesn’t even allow its customers the legal right to run its client OS on non-Apple computers, so virtualization is out of the question. Apple, unlike Microsoft, is in the PC-selling business, and unlike Microsoft, Apple uses a set of technological access controls to prevent its OS from running on unauthorized hardware. Why? Apple doesn’t want you, me, and every other reader of this site to do what they know we’d do: run out and build our own “Macs.” If you want OS X, Apple wants you to buy a Mac, period. With the company’s notorious focus on control and design, we don’t see this changing any time soon.