Zimbra add external mailbox account SSL Error problem handling

Today, the test in Zimbra's mailbox to add their own external mailbox account, to achieve the external external mail automatically charged to my Zimbra mailbox; because my external mail server only allows secure access to POP3 and IMAP services in SSL encryption, because of security considerations, you must enable S SL transmission, the result of the account configuration to the Zimbra mailbox when you encounter the following SSL certificate error can not successfully add external account;

Zimbra Server Environment: Zimbra GA 8.6 for centso_x64
Baidu search for a long time no fruit, most of them are introduced Zimbra installation and use of the article, almost see an in-depth discussion Zimbra advanced use and some details of the use of useful information; Finally, take the ladder. Google search "Zimbra add External Account SSL fail "found a large number of articles describing the problem, and Zimbra's official forums have been met with the same problems as me, and have a complete answer and solution; After the reference my question was finally resolved, and the cause of the problem and the solution was recorded, It is also convenient for domestic users to encounter this problem can be a reference;

Problem Reason:

Because the default installation of the Zimbra system, the validity of the SSL encryption certificate is strictly required, Zimbra will verify that the certificate used for SSL link is valid or not, otherwise deny connection and access, and prompt the certificate error;
And my external server is also the use of Postfix + Dovecot built, SSL is the server self-signed (self signed) certificate, Zimbra cannot verify the certificate, so that the external account to add after the test link failed;

Workaround:

If a valid SSL certificate cannot be installed for the external server, the SSL connection can be established only by adjusting the default settings of the Zimbra server, allowing the Zimbra to allow the certificate to be authenticated, and the following adjustment method:
Use the Zimbra user identity to execute the zmlocalconfig command, view or modify the value of the Ssl_allow_untrusted_certs property, default to False, that is, do not allow untrusted certificates, modify it to true;
Login again to the Zimbra Web mailbox interface, add external email account, has been OK, can be successfully set up and saved!