[Users] New 8.7.5 Securemail Zimlet
Frédéric Nass
frederic.nass at univ-lorraine.fr
Thu May 17 09:26:18 CEST 2018
Hi Barry,
I have no idea.
Actually, Zimbra provides a keystore for S/MIME cert validation. But
it's empty of any trusted external CA.
[zimbra@test-zimbra ~]$ zmlocalconfig | grep -E 'keystore|smime'
imapd_keystore = /opt/zimbra/conf/imapd.keystore
imapd_keystore_password = *
mailboxd_keystore = /opt/zimbra/mailboxd/etc/keystore
mailboxd_keystore_base = ${zimbra_home}/conf/keystore.base
mailboxd_keystore_base_password = *
mailboxd_keystore_password = *
smime_truststore = ${mailboxd_truststore}
smime_truststore_password = *
[zimbra@test-zimbra ~]$ keytool -list -keystore /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts -storepass changeit
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 183 entries
tmp/rhel7_64/rdjz3bwn1d/eq0xx_t6fv.der, Feb 12, 2016, trustedCertEntry,
Certificate fingerprint (SHA1):
85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
tmp/rhel7_64/rdjz3bwn1d/gpzzm9h5_7.der, Feb 12, 2016, trustedCertEntry,
Certificate fingerprint (SHA1):
8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58
tmp/rhel7_64/rdjz3bwn1d/csuq6zjk4u.der, Feb 12, 2016, trustedCertEntry,
...
Certificate fingerprint (SHA1):
AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA
my_ca, Mar 21, 2018, trustedCertEntry,
...
Certificate fingerprint (SHA1):
D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
tmp/rhel7_64/rdjz3bwn1d/ja63m4kjkn.der, Feb 12, 2016, trustedCertEntry,
Certificate fingerprint (SHA1):
48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D
tmp/rhel7_64/rdjz3bwn1d/0wpwao5qj3.der, Feb 12, 2016, trustedCertEntry,
Certificate fingerprint (SHA1):
28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8
tmp/rhel7_64/rdjz3bwn1d/8afyoy3e6h.der, Feb 12, 2016, trustedCertEntry,
etc.
But no Comodo, Verisign, etc...
I added all the certs from
https://support.comodo.com/index.php?/Knowledgebase/List/Index/71 to the
keystore. But verification still fails when uploading personal certs.
Prabhat Kumar, in comment 3 of the Bugzilla report, says "Need to add
intermediate as well of the s/mime certificate."
Which I did, but still no success.
It seems to me that I should first build a cert by concatenating some
root and intermediate certs. But which certs, and in what order, I have
no idea :-/
Regards,
Frédéric.
On 17/05/2018 at 09:04, Barry de Graaff wrote:
> Is this an open-source component, especially the server side part?
>
> If so, you can look in there and see if you can use a different keystore.
>
> Kind regards,
>
> Barry de Graaff
> Zeta Alliance
> Co-founder & Developer
> zetalliance.org | github.com/Zimbra-Community
>
> +31 617 220 227 | skype: barrydegraaff.tk
> Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
>
> ----- Original Message -----
> From: "Frédéric Nass" <frederic.nass at univ-lorraine.fr>
> To: "users" <users at lists.zetalliance.org>
> Sent: Thursday, May 17, 2018 8:32:16 AM
> Subject: [Users] New 8.7.5 Securemail Zimlet
>
> Hi,
>
> Has anyone succeeded in using the new 8.7.5 securemail Zimlet
> (com_zimbra_securemail)?
>
> Personal certificate uploads fail unless you disable the certificate
> verification check or add the root CA to the Zimbra keystore, which I
> can't do. This has been explained here:
> https://bugzilla.zimbra.com/show_bug.cgi?id=107887
> The problem is that Zimbra does not provide any external CA keystore to
> validate personal certificates.
>
> There is no documentation and Zimbra support is, as usual, of no help.
>
> Regards,
>
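A fingerprint-based check for a listing like the one pasted above, as an added example that is not part of the original message or of Zimbra: it parses `keytool -list` output and reports whether given CA certificates are present as trusted entries, since aliases such as `tmp/rhel7_64/...` do not name the CA. The sample listing, aliases and fingerprints are constructed, and an English-locale date format is assumed.

```python
import re

# Entry header from `keytool -list` (English locale assumed): "<alias>, <Mon d, yyyy>, <type>,"
ENTRY = re.compile(r"^(?P<alias>.+), [A-Z][a-z]{2} \d{1,2}, \d{4}, (?P<type>\w+Entry),?$")
# Colon-separated hex fingerprint: SHA1 (20 bytes) up to SHA-256 (32 bytes).
FPR = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){19,31}[0-9A-Fa-f]{2}\b")

def normalize(fpr):
    """Canonical form so 'ab:cd', 'AB CD' and 'ABCD' compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fpr).upper()

def parse_listing(text):
    """Map normalized fingerprint -> (alias, entry type)."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = ENTRY.match(line)
        if header:
            current = (header.group("alias"), header.group("type"))
        elif line == "...":
            current = None  # elided output: the next fingerprint's owner is unknown
        elif current and (found := FPR.search(line)):
            entries[normalize(found.group(0))] = current
            current = None
    return entries

def find_anchors(text, wanted):
    """Per wanted CA (name -> fingerprint): its alias, or None if missing or not a trustedCertEntry."""
    entries = parse_listing(text)
    result = {}
    for name, fpr in wanted.items():
        alias, kind = entries.get(normalize(fpr), (None, None))
        result[name] = alias if kind == "trustedCertEntry" else None
    return result

# Constructed sample in the layout of the listing above; all values are made up.
SAMPLE = """\
tmp/build/aaaa.der, Feb 12, 2016, trustedCertEntry,
Certificate fingerprint (SHA1):
00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
tmp/build/bbbb.der, Feb 12, 2016, trustedCertEntry,
...
Certificate fingerprint (SHA1):
FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC
my_ca, Mar 21, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14
server, Mar 21, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): A1:A2:A3:A4:A5:A6:A7:A8:A9:AA:AB:AC:AD:AE:AF:B0:B1:B2:B3:B4
"""
```

The fingerprints to look for would come from the CA certificates themselves, for example as printed by `keytool -printcert -file <cert>`.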