[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another certificate question dealing with self-signed which only needs to be updated
Thank you! That is the answer I was seeking. Really appreciate the information.
-Steve
----- Original Message -----
From: "Tony Publiski" <tonster@tonster.com>
To: "Steve Elliott" <selliott@kennesaw.edu>
Cc: zimbra-hied-admins@sfu.ca
Sent: Thursday, December 16, 2010 8:43:04 PM
Subject: Re: Another certificate question dealing with self-signed which only needs to be updated
Steve,
By default, unless you've modified the way you've created your self-signed certificates and CA, your CA will also have an expiration period of 365d, so if you bypass regenerating the CA, you'll end up with the certificate chain failing when the certificate would have anyway since the CA will end up expiring.
----- Original Message -----
From: "Steve Elliott" <selliott@kennesaw.edu>
To: zimbra-hied-admins@sfu.ca
Sent: Thursday, December 16, 2010 7:13:24 PM
Subject: Another certificate question dealing with self-signed which only needs to be updated
First thank you all for your assistance with the certificate issue we were facing with android customers and zimbra desktop. Talking with Geotrust we got the right combination of certs to resolve our issue. Matt, your answer was seen after I finished talking with Geotrust but it was spot on. If anyone needs the links to the certs for this situation I'll be glad to post them to this listserve............
My question which zimbra support hasn't given me really a concrete answer on...... .
Multi-server installation. Combination of commercial and self-signed on our system. Self-sign cert on our zimbra ldap server is about to expire. I am planning on following the directions for creating a single-node sign certificate from http://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools My question is..............As it already is self-signed do I actually have to create a new CA? Or just do the part dealing with the crt.
As these answers are not spelled out as they seem to presume you are just starting off versus updating a self-signed certificate I want to make sure that I have this documented for future admins that may follow me.
Zimbra support says I can just do zmcertmgr createca with the "-new". But I would like to know why not skip that and just do the crt and be done leaving the CA alone. Can anyone explain why I must create and deploy a CA again?
Thank you!
Steve