Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 35

Thread: [SOLVED] GoDaddy certs on 5.0.6

  1. #21
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    OK, will somebody please break this down for people like me who (obviously) know nothing? Here's what I did:
    1. Bought a cert. from GoDaddy. Got my CSR from the Zimbra AdminGUI, listed my server type as "Other" before I read this thread. After reading Josh's post I went back and re-issued the cert as Tomcat type.
    2. Downloaded the cert package (comes as a zip file) and unzipped it on my desktop
    3. Tried to use the cert. import process on the GUI. Pointed the various certs to the files in the unzipped folder--mine is obvious; the root I tried both gd_bundle.crt and downloading GoDaddy's root cert (neither worked); for the intermediate I tried just the single intermediate file, then when Mike suggested the cross and then the intermediate I tried adding both, in that order.
    4. Still getting this error:
      Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: Invalid Certificate:
    5. The command-line stuff you guys have here seems to pre-suppose having saved certain files in certain places, but I'm not sure which ones and where.
    Please forget that "Moderator" by my name and answer this in as simple and complete fashion as possible, because I have no clue what I'm doing wrong.
    Cheers,

    Dan

  2. #22
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    Of course the &^%$ thing has to make a liar out of me. Having just posted this last rant, I tried again with "all servers" (I swear I tried it before) and this time it worked. . .
    Cheers,

    Dan

  3. #23
    wfweaver is offline Trained Alumni
    Join Date
    Aug 2006
    Location
    Austin, TX
    Posts
    51
    Rep Power
    8

    Unhappy

    Actually, I'd still like to see a complete answer as requested. I'm having this issue as well. Just saw the "All servers" workaround which I'm trying now, but I'm still confused as to what certs to use for intermediate and root. Wiki says to download gd_class2-root.crt for root and to use gd_bundle.crt for intermediate. Is that correct? Or do I use some other magic combination? I do have the 4 files as I did a Tomcat request.

  4. #24
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    Quote Originally Posted by wfweaver View Post
    Actually, I'd still like to see a complete answer as requested. I'm having this issue as well. Just saw the "All servers" workaround which I'm trying now, but I'm still confused as to what certs to use for intermediate and root. Wiki says to download gd_class2-root.crt for root and to use gd_bundle.crt for intermediate. Is that correct? Or do I use some other magic combination? I do have the 4 files as I did a Tomcat request.
    No, that's not what worked for me. You have four files in your Tomcat archive:
    Code:
    gd_bundle.crt      --    This is your root cert
    gd_cross_intermediate.crt     --   This should be the first intermediate cert you load
    gd_intermediate.crt      --    This is a second intermediate which should be added to a line after the first intermediate
    yourserver.crt    --    this, obviously, is your own certificate
    Using "All servers" and these four finally did the job for me.

    Of course, then I found out that Verizon Mobile Web doesn't accept GoDaddy as one of its trusted root certification authorities, which was what started the whole exercise for me. . .
    Cheers,

    Dan

  5. #25
    wfweaver is offline Trained Alumni
    Join Date
    Aug 2006
    Location
    Austin, TX
    Posts
    51
    Rep Power
    8

    Default

    Seemed to work for me with the following combination:

    gd-class2-root.crt (root)
    gd-bundle.crt (intermediate)
    server.crt

    Now the question is, I already have working certs installed on the rest of my servers. I didn't install at that time with the gd-class2_root.crt but with the package you used. I'm about to perform an upgrade from 5.0.5 to 5.0.6. What's going to happen? Am I going to have to reinstall all my certs? Or will it work properly this time? I had a terrible time when I did a 4.x upgrade to 5.x as it lost all my certs - don't want to have to go through that again!

    I tell you, this is far more complicated than it needs to be and I can't seem to get a "straight" answer from anyone! By "straight" I mean that every answer I read says something different!

  6. #26
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    Quote Originally Posted by wfweaver View Post
    Seemed to work for me with the following combination:

    gd-class2-root.crt (root)
    gd-bundle.crt (intermediate)
    server.crt

    Now the question is, I already have working certs installed on the rest of my servers. I didn't install at that time with the gd-class2_root.crt but with the package you used. I'm about to perform an upgrade from 5.0.5 to 5.0.6. What's going to happen? Am I going to have to reinstall all my certs? Or will it work properly this time? I had a terrible time when I did a 4.x upgrade to 5.x as it lost all my certs - don't want to have to go through that again!

    I tell you, this is far more complicated than it needs to be and I can't seem to get a "straight" answer from anyone! By "straight" I mean that every answer I read says something different!
    I hate to do this to you, but my honest-truth answer is I have no clue. I installed the cert for the first time in 5.0.6.

    That said, I know there were some issues with certs in the 4.x to 5.x upgrade path for some people, so I'm not entirely surprised that you encountered something like that. I am under the impression that a number of those issues have been addressed, so I would think 5.0.5 to 5.0.6 should be a smooth upgrade. But please don't shoot me if I turn out to be wrong. . .
    Cheers,

    Dan

  7. #27
    SpaceBass is offline Active Member
    Join Date
    Jan 2007
    Posts
    30
    Rep Power
    8

    Default

    Guys, I am racking my brain over this one ...
    I was able to get the host.mydomain.com.crt to load through the GUI on the first try. However, my mail clients report that it is not trusted and the webmail still uses the self signed cert.

    I suspect that I need to install the intermedate cert but I cannot figure out how. If I try any of the other 3 files from GoDaddy, I get the same error that everone else gets (even when using --all servers --)

    I see all this talk about the order of the files, I've tried through the GUI to upload them in that order, but it sill errors out.

    Is there some place that I'm supposed to by uploading multiple files at once? Whats the trick?
    Last edited by SpaceBass; 06-29-2008 at 12:07 PM.

  8. #28
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    You should have a space for loading all those files at once. Did you not see a screen like the one below? If you first generate the CSR from the GUI, then use that CSR to generate your cert, then when you try to load the certificate on the basis of the CSR you created you'll have a chance to stick all the filenames into the same screen as below. Without loading all of them your cert will be untrusted, because it's the GoDaddy authority chain that turns it into a trusted certificate. If this doesn't make sense to you, re-post your question and I'll try to help you figure out what's missing. . .
    Attached Images Attached Images
    Cheers,

    Dan

  9. #29
    SpaceBass is offline Active Member
    Join Date
    Jan 2007
    Posts
    30
    Rep Power
    8

    Default

    There in lays the rub ... this is what I get in both Firefox 3 and Safari
    Despite the horizontal scroll bars, there is nothing else in the frame


  10. #30
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    Just double-checking, what version of Zimbra are you running? The screen doesn't look familiar to me at all.
    Cheers,

    Dan

Page 3 of 4 FirstFirst 1234 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  2. Zimbra Hates GoDaddy
    By void in forum Administrators
    Replies: 18
    Last Post: 07-09-2009, 10:27 AM
  3. Need help installing GoDaddy certificate on ZCS 5.0.6
    By ScottChapman in forum Administrators
    Replies: 5
    Last Post: 06-10-2008, 08:22 AM
  4. Replies: 2
    Last Post: 03-25-2007, 09:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •