Knowledge Base : RenewZimbraSSLCert

Error: “Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path

validation failed: java.security.cert.CertPathValidatorException: timestamp check failed”, Webmail shows “network
error”: probably SSL certificate is expired.

To renew an expired SSL self-signed certificate in Zimbra:

1. Begin by generating a new Certificate Authority (CA).

# ./zmcertmgr createca -new

2. Then generate a certificate signed by the CA that expires in 365 days.

# ./zmcertmgr createcrt -new -days 365

3. Next deploy the certificate.

# ./zmcertmgr deploycrt self

4. Next deploy the CA.

# ./zmcertmgr deployca

5. To finish, verify the certificate was deployed to all the services.

# ./zmcertmgr viewdeployedcrt

6. Restart Zimbra