Error SSL on zimbra server

Hello
The certificate has been installed on zimbra server but now Outlook 2016 shows me an error like "unable to verify identity of the server" when starting. What should I do to stop the message from appearing?
Thanks

1 Like

Have you restarted the Zimbra server?
If so, can you provide an IP:port to verify proper cert installation?

Yes, i've restarted Zimbra server.

The certificate appears to have been installed successfully.

Is it possible a dns configuration error? The domain is: studiosalvador.net and the zimbra server is email.studiosalvador.net (ext ip 93.147.131.17).
The port forwarding is correct.

nslookup

set type=SRV
_autodiscover._tcp.studiosalvador.net

_autodiscover._tcp.studiosalvador.net SRV service location:
priority = 0
weight = 50
port = 443
svr hostname = email.studiosalvador.net
_autodiscover._tcp.studiosalvador.net SRV service location:
priority = 0
weight = 0
port = 443
svr hostname = autodiscover.aruba.it

email.studiosalvador.net internet address = 93.147.131.17

I've tested ports 143, 587, 993, 995 and they all seem to be using the full and correct cert.
Which port does Outlook connect to that it is complaining?

imap 993 (inbound) and smtp 465 (outbound).

it is a strange thing. Formally everything is correct but it doesn't work

What FQDN are you using?

I see:

Certificate chain
 0 s:/CN=email.studiosalvador.net
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 3 s:/O=Digital Signature Trust Co./CN=DST Root CA X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

And the cert contains SAN contains only that one FQDN:

I don't know... Can you help me to find this info?
In /etc/hostname is setting email.studiosalvador.net
In /etc/hosts is setting 192.168.x.x email.studiosalvador.net mail

I think use number 0

What name do you use within Outlook?

In the imap and smtp fields i use emal.studiosalvador.net with port 993 and 465

I can try to change email.studiosalvador.net with the internal ip (192.168.x.x) but it doesn't seem right

Then the problem is within your client operating system.
Both of those ports return the full, and correct, certificate with chain.

Which Windows O/S are you using?
Have you done a Windows Update lately?

I thought so, but I don't know where the problem lies on Outlook client.

I use Windows 10 and it's updated. It's a mystery

From that Win10 PC, can you browse to?:
https://email.studiosalvador.net/

yes and it works correctly. You can try :slight_smile:

I did try and it works fine for me.
We are trying to fix your problem (not mine - all mine are fixed now - LOL)

Please show the configuration page for Outlook.
I need to see what was entered.

Now I can not but in 1 hour I can send everything

1 Like

these are the screenshots

Cattura2

Cattura3