For those having issues with newer releases of Zimbra and Godaddy and/or Starfield Tech SSL certificates, here’s what worked for us.

Likely you are getting a “Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate” error message. Zimbra is trying to tell you, in its own ineloquent way, that something is missing from the cert chain.

You’ll need three certificates:

Certificate: [domainname].crt (the one with your domainname in it that you downloaded)
Root CA: sf-class2-root.crt
Intermediate CA: sf_bundle.crt

You can get the sf-class2-root.crt root certificate and sf_bundle.crt from the Starfield Secure Certificate Services Repository here: https://certs.starfieldtech.com/Repository.go#root_der

Once they’re all downloaded, plug all three of them into the install certificate screen as listed above.

The steps for renewed GoDaddy SSL certs should work in a similar way.

Zimbra Critical Security Update

On July 1, 2009, in zimbra, by ksanders

I got notified late this afternoon about a critical security vulnerability in Zimbra. The email is a bit short on details, stating only:


This vulnerability allows unauthorized, remote access to files that are readable by the “zimbra user” account on the ZCS Mailbox Server (also known as mailbox service, or “mailboxd”).

All released versions (including the 6.0 betas) are affected. There is a link in the e-mail and also at support.zimbra.com.

Assuming you downloaded the patch to /tmp and are on Ubuntu and running ZCS 5.0.x (other Linux, YMMV), issue these three commands as root on each of your mailbox servers.

# mkdir /opt/zimbra/save-07012009/ ; /etc/init.d/zimbra stop

# mv /opt/zimbra/lib/jars/dom4j-1.5.jar /opt/zimbra/save-07012009/dom4j-1.5-lib.jar ; mv /opt/zimbra/jetty-6.1.5/common/lib/dom4j-1.5.jar /opt/zimbra/save-07012009/dom4j-1.5-common.jar ; cp /tmp/dom4j-1.5.jar /opt/zimbra/lib/jars/dom4j-1.5.jar ; cp /tmp/dom4j-1.5.jar /opt/zimbra/jetty-6.1.5/common/lib/dom4j-1.5.jar ; chown zimbra:zimbra /opt/zimbra/lib/jars/dom4j-1.5.jar ; chown zimbra:zimbra /opt/zimbra/jetty-6.1.5/common/lib/dom4j-1.5.jar

# /etc/init.d/zimbra start

Total downtime for us was less than 3 minutes per mailbox server.
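
A post-patch check for the three commands above, added here as an example and not part of the original post or of Zimbra's patch instructions: it confirms that both live copies of dom4j-1.5.jar are byte-identical to the downloaded jar and owned by zimbra, and that the rollback copies exist. The function name and its optional arguments (install root, save directory, owner) are assumptions, introduced so the check can be rehearsed on a scratch tree.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults mirror the paths used
# in the post; the 2nd-4th arguments are hypothetical overrides for testing.

check_dom4j_patch() {
    patch_jar=$1                          # jar downloaded from support
    zroot=${2:-/opt/zimbra}               # ZCS install root
    save=${3:-$zroot/save-07012009}       # where the old jars were moved
    owner=${4:-zimbra}                    # expected owner of the live jars
    rc=0

    # Without the reference jar there is nothing to compare against.
    [ -s "$patch_jar" ] || { echo "FAIL: patch jar missing or empty: $patch_jar"; return 2; }

    # Both locations must carry the patched jar; patching only one leaves
    # the vulnerable library on the classpath.
    for live in "$zroot/lib/jars/dom4j-1.5.jar" \
                "$zroot/jetty-6.1.5/common/lib/dom4j-1.5.jar"; do
        if ! cmp -s "$patch_jar" "$live"; then
            echo "FAIL: $live is not the patched jar"; rc=1
        elif [ -z "$(find "$live" -user "$owner" 2>/dev/null)" ]; then
            echo "FAIL: $live is not owned by $owner"; rc=1
        else
            echo "ok:   $live"
        fi
    done

    # The saved originals are the rollback path; they must exist.
    for old in "$save/dom4j-1.5-lib.jar" "$save/dom4j-1.5-common.jar"; do
        if [ ! -s "$old" ]; then
            echo "FAIL: rollback copy missing: $old"; rc=1
        elif cmp -s "$patch_jar" "$old"; then
            echo "WARN: $old is identical to the patch jar"
        else
            echo "ok:   $old"
        fi
    done
    return $rc
}
```

Run it as root on each mailbox server as `check_dom4j_patch /tmp/dom4j-1.5.jar`; a non-zero exit status means at least one location still needs attention.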

There is no other information on the support pages and oddly enough no one in the forums seems to be talking about this either. I will update as I get more information.
