[SOLVED] GoDaddy certs on 5.0.6

**dwmtractor** · 06-12-2008, 12:52 PM

OK, will somebody please break this down for people like me who (obviously) know nothing? Here's what I did:

Bought a cert. from GoDaddy. Got my CSR from the Zimbra AdminGUI, listed my server type as "Other" before I read this thread. After reading Josh's post I went back and re-issued the cert as Tomcat type.
Downloaded the cert package (comes as a zip file) and unzipped it on my desktop
Tried to use the cert. import process on the GUI. Pointed the various certs to the files in the unzipped folder--mine is obvious; the root I tried both gd_bundle.crt and downloading GoDaddy's root cert (neither worked); for the intermediate I tried just the single intermediate file, then when Mike suggested the cross and then the intermediate I tried adding both, in that order.
Still getting this error:

Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: Invalid Certificate:
The command-line stuff you guys have here seems to pre-suppose having saved certain files in certain places, but I'm not sure which ones and where.

Please forget that "Moderator" by my name and answer this in as simple and complete fashion as possible, because I have no clue what I'm doing wrong.

**dwmtractor** · 06-12-2008, 12:58 PM

Of course the &^%$ thing has to make a liar out of me. Having just posted this last rant, I tried again with "all servers" (I swear I tried it before) and this time it worked. . .

**wfweaver** · 06-12-2008, 01:40 PM

Actually, I'd still like to see a complete answer as requested. I'm having this issue as well. Just saw the "All servers" workaround which I'm trying now, but I'm still confused as to what certs to use for intermediate and root. Wiki says to download gd_class2-root.crt for root and to use gd_bundle.crt for intermediate. Is that correct? Or do I use some other magic combination? I do have the 4 files as I did a Tomcat request.

**dwmtractor** · 06-12-2008, 02:03 PM

Originally Posted by wfweaver

Actually, I'd still like to see a complete answer as requested. I'm having this issue as well. Just saw the "All servers" workaround which I'm trying now, but I'm still confused as to what certs to use for intermediate and root. Wiki says to download gd_class2-root.crt for root and to use gd_bundle.crt for intermediate. Is that correct? Or do I use some other magic combination? I do have the 4 files as I did a Tomcat request.

No, that's not what worked for me. You have four files in your Tomcat archive:

Code:

gd_bundle.crt      --    This is your root cert
gd_cross_intermediate.crt     --   This should be the first intermediate cert you load
gd_intermediate.crt      --    This is a second intermediate which should be added to a line after the first intermediate
yourserver.crt    --    this, obviously, is your own certificate

Using "All servers" and these four finally did the job for me.

Of course, then I found out that Verizon Mobile Web doesn't accept GoDaddy as one of its trusted root certification authorities, which was what started the whole exercise for me. . .

**wfweaver** · 06-12-2008, 02:20 PM

Seemed to work for me with the following combination:

gd-class2-root.crt (root)
gd-bundle.crt (intermediate)
server.crt

Now the question is, I already have working certs installed on the rest of my servers. I didn't install at that time with the gd-class2_root.crt but with the package you used. I'm about to perform an upgrade from 5.0.5 to 5.0.6. What's going to happen? Am I going to have to reinstall all my certs? Or will it work properly this time? I had a terrible time when I did a 4.x upgrade to 5.x as it lost all my certs - don't want to have to go through that again!

I tell you, this is far more complicated than it needs to be and I can't seem to get a "straight" answer from anyone! By "straight" I mean that every answer I read says something different!

**dwmtractor** · 06-12-2008, 02:43 PM

Originally Posted by wfweaver

Seemed to work for me with the following combination:

gd-class2-root.crt (root)
gd-bundle.crt (intermediate)
server.crt

Now the question is, I already have working certs installed on the rest of my servers. I didn't install at that time with the gd-class2_root.crt but with the package you used. I'm about to perform an upgrade from 5.0.5 to 5.0.6. What's going to happen? Am I going to have to reinstall all my certs? Or will it work properly this time? I had a terrible time when I did a 4.x upgrade to 5.x as it lost all my certs - don't want to have to go through that again!

I tell you, this is far more complicated than it needs to be and I can't seem to get a "straight" answer from anyone! By "straight" I mean that every answer I read says something different!

I hate to do this to you, but my honest-truth answer is I have no clue. I installed the cert for the first time in 5.0.6.

That said, I know there were some issues with certs in the 4.x to 5.x upgrade path for some people, so I'm not entirely surprised that you encountered something like that. I am under the impression that a number of those issues have been addressed, so I would think 5.0.5 to 5.0.6 should be a smooth upgrade. But please don't shoot me if I turn out to be wrong. . .

**SpaceBass** · 06-29-2008, 11:55 AM

Guys, I am racking my brain over this one ...
I was able to get the host.mydomain.com.crt to load through the GUI on the first try. However, my mail clients report that it is not trusted and the webmail still uses the self signed cert.

I suspect that I need to install the intermedate cert but I cannot figure out how. If I try any of the other 3 files from GoDaddy, I get the same error that everone else gets (even when using --all servers --)

I see all this talk about the order of the files, I've tried through the GUI to upload them in that order, but it sill errors out.

Is there some place that I'm supposed to by uploading multiple files at once? Whats the trick?

**dwmtractor** · 06-29-2008, 04:59 PM

You should have a space for loading all those files at once. Did you not see a screen like the one below? If you first generate the CSR from the GUI, then use that CSR to generate your cert, then when you try to load the certificate on the basis of the CSR you created you'll have a chance to stick all the filenames into the same screen as below. Without loading all of them your cert will be untrusted, because it's the GoDaddy authority chain that turns it into a trusted certificate. If this doesn't make sense to you, re-post your question and I'll try to help you figure out what's missing. . .

**SpaceBass** · 06-29-2008, 06:28 PM

There in lays the rub ... this is what I get in both Firefox 3 and Safari
Despite the horizontal scroll bars, there is nothing else in the frame

**dwmtractor** · 06-30-2008, 10:06 AM

Just double-checking, what version of Zimbra are you running? The screen doesn't look familiar to me at all.

Zimbra

Thread: [SOLVED] GoDaddy certs on 5.0.6

LinkBack

Thread Tools

Search Thread

Display

Thread Information

Users Browsing this Thread

Similar Threads

Upgrade Self Signed Cert to Commercial Cert (godaddy)

Zimbra Hates GoDaddy

Need help installing GoDaddy certificate on ZCS 5.0.6

Issue sharing Address Books with Tomcat Commercial Cert SSL

Posting Permissions