Zimbra CS RC2 Commercial Certificate

[blaze]

Hi,

I have been trying for a few days now to get commercial certificates to work properly with Zimbra 5 RC2. I must be going wrong somewhere, though I have been following the instructions here to the letter.

This is the process I have used:

Quote:

1. Create the keystore
keytool -genkey -alias jetty -keyalg RSA -keystore /opt/zimbra/ssl/ssl/commercial.keystore

2. keytool -certreq -keyalg RSA -alias jetty -file /opt/zimbra/ssl/ssl/commercial.csr -keystore /opt/zimbra/ssl/ssl/commercial.keystore

At this step, am I correct in thinking the certificate request must have an alias of "jetty" rather than "tomcat"? (it says tomcat in the wiki).

Quote:

3. Sent the contents of commercial.csr to DigiCert and got three certificates back:

• TrustedRoot.crt
• DigiCertCA.crt
• star_mydomain_org.crt

Are there any known issues with *.mydomain.com certificates?

Quote:

4. Installed the certificates into the keystore in the order listed above. Everything went fine. Got the correct responses and "Certificate reply was installed in keystore".

5. Copied the keystore to /opt/zimbra/jetty/etc/keystore. I did change the permissions appropriatly.

6. Restart Zimbra (zmcontrol start;zmcontrol stop). When I do so, and go to the web client, I get a page not found!

Replacing the keystore with a backup of the old one, and then restarting Zimbra fixes this problem.

Any ideas?

Many thanks,
Gary

[blaze]

Another worthwhile piece of information is that this certificate was generated for tomcat servers. I have not seen an option to generate for Jetty, does this make a difference?

Please, if anybody has any ideas, this is quite important as it is for one of our dedicated server clients.

Thanks.

[ArcaneMagus]

From the way you have written your instructions that you tried I am going to assume that you are using a 5.0 RC2 build? If not please clarify (you might want to put the output of zmcontrol -v into your profile)

Anyway you might want to try a crazy thing and use the built in wizard that is provided for this sort of situation
If you are using 5.0RC2 it should be already installed. If so you will have a Certificates area in your tools section of the admin interface. Click on it and then click on Install certificate. The rest of the procedure you should be able to figure out.

[blaze]

Hi ArcanMagus,

Absolutely spot on mate. Never even knew there was such a wizard! If only they had put that in the commercial certificate documentation! :P

Everything seems to be working now. I will try to use this for my future certificates. If I am using an older version 4.5.9/10 do you know if this wizard is installed by default? If not, is there a guide knocking around that you know about off the top of your head for installing it?

Many many thanks!

Gary

[mmorse]

I believe the admin extension relies on 5.0 only admin console changes.
-I have updated the notes at the top of both Commercial Certificates - Zimbra :: Wiki & SSL Certificate Problems - Zimbra :: Wiki

[blaze]

Ok, thats great! I'm sure those updates will come in handy to anybody reading them properly. I haven't had too many issues with installing certificates in the earlier versions, but having that certificate tool cut the time right down. Many thanks once more!

Regards,
Gary

[blaze]

I have posted a follow up to this thread that concerns integrating certificates. I think if this issue is solved, it would make a good addition to the certificate instructions:

Thread is here