Friday, December 9, 2011

ZCS Avoiding Browser (IE, Firefox, Outlook) Certificate Error with Zimbra Web Client

1. On the Zimbra server, from PuTTY or a terminal, run:

openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out /var/tmp/ca.cer

2. startx
3. Browse to https://mail.tudominio.com/
4. Attach the ca.cer file from /var/tmp to a message and send it to yourself.

Use GPEDIT.MSC (workgroup) or a GPO to copy the certificate to the other domain machines:
1. Go to Policy Object Name/Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities
2. Right-click and click Import.
3. Select the ca.cer file you downloaded.
4. Close the GPO or GPEDIT.MSC.
5. Reboot.

Voilà, goodbye certificate error message!!!
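
Added example, not part of the original post: since ca.cer travels by e-mail before it becomes a trusted root on every domain machine, this check confirms that the copy you received is the same certificate as ca.pem on the Zimbra server. The function names and the throwaway demo CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-import check for ca.cer.

# Print a certificate's SHA-256 fingerprint as bare uppercase hex.
# $1 = file, $2 = encoding (PEM or DER)
cert_fp() {
    fp_out=$(openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 \
        2>/dev/null) || return 1
    printf '%s\n' "$fp_out" | sed -e 's/^.*=//' -e 's/://g'
}

# $1 = reference PEM on the server, $2 = DER copy received on the admin PC.
# Prints the fingerprint and returns 0 only if every check passes.
check_ca_copy() {
    ref=$(cert_fp "$1" PEM) || return 2      # reference is unreadable
    got=$(cert_fp "$2" DER) || return 3      # copy is not a DER certificate
    [ "$ref" = "$got" ] || return 4          # different certificate or key
    openssl x509 -in "$2" -inform DER -noout -checkend 0 >/dev/null ||
        return 5                             # already expired
    subj=$(openssl x509 -in "$2" -inform DER -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$2" -inform DER -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || return 6         # not self-issued, so not a root
    printf '%s\n' "$got"
}

# Constructed sample data: a throwaway self-signed certificate standing in for
# /opt/zimbra/ssl/zimbra/ca/ca.pem, exported to DER with the post's command.
# $1 = output path prefix (writes $1.key, $1.pem, $1.cer)
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null &&
        openssl x509 -in "$1.pem" -outform DER -out "$1.cer"
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir/ca"
echo "SHA-256 to confirm before import: $(check_ca_copy "$demo_dir/ca.pem" "$demo_dir/ca.cer")"
```

The fingerprint is the SHA-256 hash of the DER bytes, so the same value can be checked on the Windows side with certutil -hashfile ca.cer SHA256.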









06-25-2009, 07:59 AM





Source: http://www.zimbra.com/forums/administrators/26641-outlook-users-getting-certificate-warning.html

YetiRick
New Member

Posts: 4

I know this is too late to help any of the old posters, but it may help others with the same question...

Assuming the Zimbra devs don't move the file, the command:

openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der

will generate the CA root certificate you need in order for Windows to import it properly. You can then copy the resulting ca.der file to your Windows box and double-click it (or import it using the wizard.) It will install into the "Trusted Root Certification Authorities" section of your certificates window. Outlook and HTTPS webmail will no longer generate those annoying errors.

Please keep in mind that if the Zimbra CA is pre-generated and not generated at the time of installation, this will open you up to misidentified sites that sign their own certs with the same CA. I don't know if this is the case or not, but would recommend building your own CA if you're unsure.

[SOLVED] Rolling Your Own CA and Installing Certificates in Zimbra

will get that done for you. And you won't have to guess at which ca.pem file to use.


Source 2: http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx
Add a trusted root certification authority to a Group Policy object
Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To add a trusted root certification authority to a Group Policy object

Open the Group Policy object (GPO) that you want to edit.

In the console tree, click Trusted Root Certification Authorities.

Where?

Policy Object Name/Computer Configuration/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities

On the Action menu, point to All Tasks, and then click Import.

This starts the Certificate Import Wizard, which guides you through the process of importing a root certificate and installing it as a trusted root certification authority (CA) for this GPO.

Notes

To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
