Results 1 to 7 of 7

Thread: How can I restore commercial SSL cert?

  1. #1
    jw3193 is offline Active Member
    Join Date
    Feb 2007
    Location
    Monterey, CA
    Posts
    25
    Rep Power
    8

    Default How can I restore commercial SSL cert?

    I didn't see the posts & wiki page talking about how you can only have 1 SSL cert/server until after I made this mistake. I installed a newly generated commercial certificate on my 5.0.2 server (via the web interface), which of course made my main cert disappear. The original commercial cert was installed on 4.5.6, and I still have the .crt, .csr, and a backup of my 4.5.6 install. I tried putting the .csr file in /opt/zimbra/ssl/zimbra/commercial, then going back in the web interface to install the old cert, but that failed (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt and private key commercial.key don't match). Is there an easy way to restore this certificate?

    Thanks, Justin.

  2. #2
    jw3193 is offline Active Member
    Join Date
    Feb 2007
    Location
    Monterey, CA
    Posts
    25
    Rep Power
    8

    Default

    I probably should rephrase the question. I have the certificate, and even have the CSR. Due to the fact that things worked differently in 4.5.x compared to 5.x, I don't have the matching key. I guess I probably have it, I just don't know where. I thought perhaps it was /opt/zimbra/ssl/ssl/server/server.key, but that doesn't work. Is it somehow stored in ssl/ssl/commercial.keystore?

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,485
    Rep Power
    56

    Default

    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    jw3193 is offline Active Member
    Join Date
    Feb 2007
    Location
    Monterey, CA
    Posts
    25
    Rep Power
    8

    Default

    When I installed the new cert (over top of the one I wanted to keep), I did it from the web admin UI. I've gone back and followed the directions in the wiki page for CLI mode, but I'm still running in to the issue that I don't have my key, or at least not in the correct format. I found this page:

    Commercial Certificates - Zimbra :: Wiki

    So, thought I'd give it a try. I'm able to extract the key, but I'm unable to convert/decrypt it. I'm thinking this is my problem, but I can't be sure.

    -Justin

  5. #5
    brian is offline Project Contributor
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    You'll need to recover the private key from the tomcat keystore in order to use the old cert. Follow the directions in the wiki, post the commands and errors from the steps you are having problems with and we'll try to help you through it.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  6. #6
    jw3193 is offline Active Member
    Join Date
    Feb 2007
    Location
    Monterey, CA
    Posts
    25
    Rep Power
    8

    Default

    Thanks everyone, I appreciate the help.

    I was able to extract the key, using ExportPriv.java...

    Code:
    [root@mail godaddy]# /opt/zimbra/java/bin/java ExportPriv ./commercial.keystore
     tomcat zimbra > my.key
    Then the next step in the directions is to decrypt it:

    Code:
    [root@mail godaddy]# openssl rsa -in my.key -out my.key.dec
    unable to load Private Key
    31439:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:741:
    I then tried a slightly different command found on this page...

    Code:
    [root@mail godaddy]# openssl pkcs8 -inform PEM -nocrypt -in my.key -out exporte
    d.key
    Error decrypting key
    1638:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:741:
    I'm sure I'm doing something wrong, I just am not sure what it is

    -Justin.

  7. #7
    bryceh78 is offline Junior Member
    Join Date
    Feb 2007
    Posts
    5
    Rep Power
    8

    Default Update: new Wiki for backup, restore, transfer of Commerial Certs

    Transfer SSL certificates between servers - Zimbra :: Wiki

    Just posted a few days ago.

    Procedure for backup, transfer, restore of Commercial Certificates in Zimbra 5.x

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  2. Replies: 23
    Last Post: 05-06-2008, 02:24 PM
  3. Replies: 2
    Last Post: 03-25-2007, 09:40 PM
  4. Question installing commercial SSL cert
    By jigi in forum Administrators
    Replies: 0
    Last Post: 02-13-2006, 12:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •