Packet Filter > External networks to Zentyal have you enabled groupware and web?

Also just looking at the default services http and https are defined but also webserver is defined with the same ports. I have to do this on my server but lazy sundays.

Also Christian is correct as you should be able to connect but the self signed certs will just provide nags. I am the same though as they should be imported into the trusted certs and work. It's what the NSA do and they just have the public keys. The CA authority on Zentyal is just a self signed cert store. Usually with certs such as Thawte or VeriSign there is also liability insurance. Perhaps some more advanced users or members using Outlook can comment and help further.

Any certificate that isn't issued from a known authority is self signed. I can't really comment on it as I'm not an Outlook user but keep in mind that Zentyal permits to set subject alternative names, purpose being to use same certificate with multiple (different services).

For what I understand, you can have only one CA on Zentyal. One point that may have impact on your capability to access your web server is, and from this standpoint I do share your analysis, the potential need for certificate to match fqdn. What I suggested was to add this CA to this list as I do here. Of course this is a "private" CA if I can say so, meaning not issued by organization that is already registered in default list of trusted CA on main browsers. With my own Zentyal platform, I don't have any self-signed certificates but certificates that are signed by certificate authority that is generated on Zentyal server. I've no doubt that, if you are very familiar with certificates, that you are right with your analysis. Indeed we do not share same understanding.

Therefore we need Zentyal to create a root certificate like the good one I showed you.
Here is what I think the problem is and the fix: Because Zentyal sits behind a NAT clients cannot verify the root certificate authority on intermediate cert. If you check the Zentyal (Bad Cert.jpg) intermediate cert with SSL Checker you get the not trusted error because it can't find the root CA either! When using SSL checker the good cert has no errors.

If they are not it is an intermediate CA which requires the client to locate the root CA to validate and they can't because the server sits behind a NAT. The PROBLEM is that the self cert must have the issue to: and issue by: names exactly the same. I am also including the Zentyal intermediate Cert, called bad cert. This certificate was imported into my browser (which also sets it up for Outlook). (It is a Microsoft thing!)

Attached is a working root certificate from both CommuniGate Pro and Exchange 2007, called "good cert.jpg". These clients require certificates that do not create certificate errors. I am very familiar with certificate use on Exchange 2007 & CommuniGate Pro and connecting remote Outlook clients and mobile devices. You cannot ignore it like you can do with a browser. (It is this same error that prevents the Outlook client from connecting.) The Outlook client requires no errors with respect to certificates. I can connect just fine and run webapp and webaccess but with certificate errors. All I am saying is that my Zentyal server sits behind a NAT and my clients are external to the NAT. I am sorry for my communication skills, let me try a little better.
What I suggest is that you drop, at least for the time being, this point about certificates.

Focus on connectivity and once clients are able to reach server on the right port, we can look at certificates.

MX, A and CNAME records are managed on DNS hosted by my registrar (meaning on internet).

Like many here, I host my own mail server that I do not access using Outlook but I don't think this detail matters.

Perhaps all of this is only a matter of wording and glossary but without aligning this, we can't understand each other.

If you can connect but face error message due to certificate, this is another issue but so far you don't show any certificate related error. If you can't connect, then, sorry if my sentence looks stupid, but you have connectivity issue.

Reaching your mail server is matter of MX when it comes to receive mails then uses A or CNAME records when clients need to access POP, IMAP, MAPI or Web server. I might be wrong but I'm afraid you mix up some different concepts.

Certificates are not linked to IP address nor to NAT.