Author Topic: [SOLVED] where are the SSL certificates for the user corner located?  (Read 1743 times)


  • Zen Monk
  • **
  • Posts: 80
  • Karma: +1/-0
    • View Profile
Edit2: Simple solution.  Under the Certificate Authority section of the admin interface, and under Service Certificates, you must disable the certificate for the user corner.  This will allow you to use your own certificate and not have Zentyal overwrite it with its own self-signed certificate.  This seems pretty obvious but it slipped past me.  This also applies to the mail certificates as well (you should disable them in the Zentyal CA if you are using your own certificate files).

Edit1: UPDATE - After more investigation, the file ssl.pem located in /var/lib/zentyal-usercorner/ssl/ is definitely the key to this mystery.  I have replaced this file with my own purchased certificate; HOWEVER, after performing a sudo /etc/init.d/zentyal restart, THIS FILE GETS AUTOMAGICALLY OVERWRITTEN WITH ZENTYAL'S SELF-SIGNED CERTIFICATE.  How can I prevent this from happening?

Original post below

I am using Zentyal Server core 3.0.31 with all packages updated to latest.

I have installed a wildcard SSL certificate and I have it successfully working for:

Additional resources: (note that almost all these links are communicating nearly the same ideas, the only differences really are where the SSL certificates are stored).
Creating combined certificate files (*.pem):

I CANNOT get it to work for the User Corner page.

I have tried

  • editing /etc/apache2/sites-available/ (adding <Virtualhost> SSLEngine On, SSLCertificateFile, SSLCertificateKeyFile, SSLCertificateChainFile </Virtualhost> )
  • replacing ssl.cert, ssl.key, and ssl.pem in /var/lib/zentyal-usercorner/ssl/

Every time I try to access the user corner, it still shows that it is the old SSL certificate issued by the local CA with a 10 year expiration date (my purchased SSL certificate only has a 1 year expiration).

I have of course restarted Apache and even tried restarting all of Zentyal.  No luck.  The old certificate persists so it must be hiding in a different location.

What am I missing?
« Last Edit: November 20, 2014, 06:48:19 pm by zippydan »