![]() The ZCS Certificates tools are located in the Navigation pane, under Tools > Certificates. In short setting subjectAltName, it must include all host names to be trusted, not just "additional" ones beyond what is in CN (by default zmcertmgr will put `zmhostname` in the subjectAltName). See also RFC2459 section-4.2.1.7 for details on Subject Alternative Name handling and usage. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. As such, certificates within an install should be valid (not expired and have hostnames matching the certificate). ![]() ![]() This article discusses the ZCS 8.x, 8.0.x, 7.0.x Administration Console, and the CLI tools for ZCS 8.x, 8.0.x, 7.0.x.īy default ZCS requires valid certificates when communicating with hosts over TLS/SSL. ZCS allows administrators to manage their certificates using either the Administration Console or the Command Line Interface (CLI). TLS/STARTTLS_Localconfig_Values for information about security related localconfig settings.SecureConfiguration for best practices when security a ZCS installation.IPhone for information about iPhone SSL certificates.Certificate_Chain practical how to on creating the certificate chain file.This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.
0 Comments
Leave a Reply. |