Error: “Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path
validation failed: java.security.cert.CertPathValidatorException: timestamp check failed”, Webmail shows “network
error”: probably SSL certificate is expired.
To renew an expired SSL self-signed certificate in Zimbra:
1. Begin by generating a new Certificate Authority (CA).
# ./zmcertmgr createca -new
2. Then generate a certificate signed by the CA that expires in 365 days.
# ./zmcertmgr createcrt -new -days 365
3. Next deploy the certificate.
# ./zmcertmgr deploycrt self
4. Next deploy the CA.
# ./zmcertmgr deployca
5. To finish, verify the certificate was deployed to all the services.
# ./zmcertmgr viewdeployedcrt
6. Restart Zimbra