=Client Cert Auth using X.509=
...cation is optional. This document is concentrating on how to do the client cert authentication in Nginx-Zimbra. This feature is introduced in ZCS 7.1 (RFE
11 KB (1,590 words) - 09:46, 26 July 2023
=Client Cert Auth using X.509=
...cation is optional. This document is concentrating on how to do the client cert authentication in Nginx-Zimbra. This feature is introduced in ZCS 7.1 (RFE
11 KB (1,661 words) - 09:53, 26 July 2023
* Specific Cert Wiki Pages:
And when I attempted to recreate the self-sign cert using the steps above, it ended with this error:
19 KB (2,742 words) - 03:41, 21 June 2016
...imbra/jetty.pkcs12 and /opt/zimbra/mailboxd/etc/keystore, and redeploy the cert (There's usually no need to recreate it, just redeploy it).
On deploying commercial certs, 'verify cert' works, but deploying doesn't.
7 KB (1,034 words) - 11:57, 22 May 2018
...with proper naming like commercial.key for the key, commercial.crt for the cert, commercial.csr for the csr, and commercial_ca.crt for the root certificate
1) mkdir /root/certs and place the cert files in there
5 KB (750 words) - 16:06, 27 March 2015
...e the following command (substitute your chosen alias and the path to your cert file; all on one line):
-file EXTERNAL-LDAP-CERT-FILE
15 KB (2,352 words) - 05:11, 17 May 2018
...09 -text -in /tmp/server.crt'''' is a command that converts the PEM format cert into plain text, and thus human-readable.
...ection. If there's any intermediate cert missing, or of course if the root cert vouching for the intermediate certificate is missing, we *'''will'''* get a
12 KB (1,957 words) - 16:51, 20 April 2020
'''5. verify that the cert and key match'''
'''6. deploy the cert'''
16 KB (2,261 words) - 09:32, 12 July 2015
Finally we need the new cert to be deployed on jetty. Note that the last command spans two lines... eith
...intermediary CA certificate. Be sure to use a different alias for each CA cert in your chain.
8 KB (1,300 words) - 16:20, 27 March 2015
<desc>CA Cert used to sign all self signed certs</desc>
...l Certificate Authority (CA) to sign these SSL certs. This local CA-s own cert is then added to different applications "trusted CA-s" list/store. This at
581 KB (64,096 words) - 18:31, 19 March 2020
...l Certificate Authority (CA) to sign these SSL certs. This local CA-s own cert is then added to different applications "trusted CA-s" list/store. This at
{cert-field-to-zimbra-key-map} | {LDAP-filter}
634 KB (48,686 words) - 14:24, 13 July 2015
<desc>CA Cert used to sign all self signed certs</desc>
...l Certificate Authority (CA) to sign these SSL certs. This local CA-s own cert is then added to different applications "trusted CA-s" list/store. This at
330 KB (36,434 words) - 10:05, 27 August 2014
...via bluetooth, I would always get Invalid File Format errors. Putting the cert on the web server and setting the mime type is a solution I found via googl
...download to your phone, it's the root certificate (the CA provider's root cert). I struggled with this for a long time.
3 KB (533 words) - 12:29, 30 March 2015
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
** Retrieving Commercial CA cert from ldap...done.
15 KB (1,927 words) - 14:56, 30 March 2015
== Check cert in keystore ==
== Check cert in jetty.pkcs12 ==
2 KB (355 words) - 06:20, 23 September 2014
[] ERROR: java.security.cert.CertificateExpiredException: NotAfter: Sun Oct 08 00:38:45 EDT 2006
ERROR: zclient.IO_ERROR (invoke java.security.cert.CertificateException: Untrusted Server Certificate Chain, server: localhost
10 KB (1,444 words) - 04:29, 4 February 2022
'''This document explains how to add per domain cert on a ZCS running 7.x version.'''
...say something like this. If not, make sure you have correct key and chain cert files.
17 KB (2,461 words) - 21:56, 7 June 2016
On occasion, Zimbra may need to import an external SSL cert from a non-Zimbra server; most commonly from Active-Directory servers.<br>
** Importing cert '/tmp/corp.crt' as 'zcs-user-corp' into cacerts '/opt/zimbra/common/lib/jvm
2 KB (300 words) - 16:47, 24 March 2021
...something like this. If not, make sure you have the correct key and chain cert files.
** Deploying cert for example.com...done.
12 KB (1,835 words) - 06:38, 30 November 2022
===Cert Per Virtual Host Name===
...can't proxy the SSL handshake to the upstream. So NZ has to support this "cert per domain" feature. Actually, the upstream Jetty server doesn't implement
11 KB (1,727 words) - 21:57, 7 June 2016
