Page 1 of 4 123 ... LastLast
Results 1 to 10 of 35

Thread: [SOLVED] GoDaddy certs on 5.0.6

  1. #1
    ScottChapman is offline Special Member
    Join Date
    May 2008
    Posts
    118
    Rep Power
    6

    Default [SOLVED] GoDaddy certs on 5.0.6

    I went through the process using the wizard, but I an getting an error.

    I did go through the process of generating the CSR, submitting that to GoDaddy. I got back my certificate and the intermediate cretificate.

    I downloaded their root certificate and use those three in the wizard.

    Any ideas?
    Attached Images Attached Images

  2. #2
    tonythemediaguy is offline Senior Member
    Join Date
    May 2007
    Posts
    54
    Rep Power
    7

    Default

    I got EXACTLY the same message on a new install of 5.06 NE on RHEL 5.1 64.

  3. #3
    tonythemediaguy is offline Senior Member
    Join Date
    May 2007
    Posts
    54
    Rep Power
    7

    Default GoDaddy certs on 5.0.6

    Hi All,

    I've followed the instructions in the wiki for 5.x godaddy certificate install but it keeps defaulting back to the self-signed certificate. First I tried to install everything with the web gui, which gave an error that many others have seen around here. Then I manually put the files from godaddy along with their root certificate in the /opt/zimbra/ssl/zimbra/commercial folder then I restarted services but I'm still getting the signed certificate and no certificate installed in the admin gui either.

    Anybody have any advice?

    I'm on RHEL 5.1 64 using NE.


    Thanks,

    Tony

  4. #4
    ScottChapman is offline Special Member
    Join Date
    May 2008
    Posts
    118
    Rep Power
    6

    Default

    Just out of curiosity. When you submitted the request to godaddy whih server did you specify? Tomcat or Apache?

    Also, how many files did you get back from GD? I think I got back 4.

    Bundle, mine, intermediate and cross intermediate.

    I assume that one specified the bundle as their root, and add a second intermediate to the list to include the cross intermediate?

  5. #5
    tonythemediaguy is offline Senior Member
    Join Date
    May 2007
    Posts
    54
    Rep Power
    7

    Default

    I did Apache, since Tomcat doesn't exist in 5.x.

    I got back 2 files, then I had to download the root certificate manually.
    My domain cert and an intermediate cert.

  6. #6
    Ramadan Mansoura is offline Former Zimbran
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    8

    Default

    Please check the following:

    (1) current aliases in the keystore
    keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`

    (2) delete all aliases except the jetty alias following this example
    keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
    (3) verify the cert and the private key match
    /opt/zimbra/bin/zmcertmgr verifycrt comm /path/to/private_key /path/to/server_crt
    (4) verify the private_key , server_cert, and the chain
    /opt/zimbra/bin/zmcertmgr verifycrt /path/to/private_key /path/to/server_cert /path/to/chain_cert
    (4) deploy
    /opt/zimbra/bin/zmcertmgr deploycrt comm /path/to/private_key /path/to/server_cert /path/to/chain_cert
    (5) restart the zimbra services

  7. #7
    tonythemediaguy is offline Senior Member
    Join Date
    May 2007
    Posts
    54
    Rep Power
    7

    Default

    Thanks for your help.

    (1) Only listed the Jetty alias
    (2) None to delete
    (3) Got the error that commercial_ca.crt doesn't exist. I renamed commercial.crt to commercial_ca.crt and now the verify works
    (4) I had to change this command to verifycrtchain for it to work properly, but it informs me:

    error 26 at 0 depth lookup:unsupported certificate purpose

    And that's where I am. When I got the cert from GoDaddy I chose Apache as my server. The only other choice in the list I saw that I thought was relevant was Red Hat. Should I re-issue the crt and choose a different server type than apache?

    Thanks Again

  8. #8
    JoshuaPrismon is offline Zimlet Guru & Moderator
    Join Date
    Nov 2005
    Posts
    477
    Rep Power
    9

    Default

    I think you might want to see if you can get it re-issued as Tomcat. I use Godaddy, exported it as a Tomcat key, andhad no problems with it.

  9. #9
    JoshuaPrismon is offline Zimlet Guru & Moderator
    Join Date
    Nov 2005
    Posts
    477
    Rep Power
    9

    Default

    Try not using their root certificate. See if it's conflicting against a certificate already installed.

  10. #10
    ScottChapman is offline Special Member
    Join Date
    May 2008
    Posts
    118
    Rep Power
    6

    Default

    It won't let you proceed without the root certificate

Page 1 of 4 123 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  2. Zimbra Hates GoDaddy
    By void in forum Administrators
    Replies: 18
    Last Post: 07-09-2009, 10:27 AM
  3. Need help installing GoDaddy certificate on ZCS 5.0.6
    By ScottChapman in forum Administrators
    Replies: 5
    Last Post: 06-10-2008, 08:22 AM
  4. Replies: 2
    Last Post: 03-25-2007, 09:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •