[SOLVED] Commercial Certificate issue - thawte - again

[galezer]

hi guys

i got Zcs network edition 5.06 and cannot get my thawte certificates to work.

i followed the instructions on [SOLVED] Commercial Certificate - Thawte - ZC5
and on the WIKI on installing commercial certificates and still got to nowhere ...

o downloaded the server roots and unziped the files in the web gui

have put the root.ca and the premiumserver as intermediate alwayes i got this weird message

Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: Invalid Certificate:

the certificate is x509 apache certificate of THAWTE.

any help will be appreciated

shay

[alexkelly]

I think you need to have the base64 encoded version for it to work. Your cert should look like

Code:

-----BEGIN CERTIFICATE-----
encoded stuff
-----END CERTIFICATE-----

If you have the plain-text portions, I think those need to be edited out. You also need to make sure that you have the base64 encoded versions of the root and intermediary certs too...those are the ones that end in .txt from Thawte's certificates.

[galezer]

they are all encoded within the two lines.
what you did say about editing out?
i did all that is written in the wiki.

[alexkelly]

I have seen x509 certs (not specifically from Thawte) that have all the plain text portions at the top, so you get a cert that starts with

Code:

Certificate
     Data:
       Version: 3 (0x2)
       Serial Number: 1 (0x1)
       Signature Algorithm: md5WithRSAEncryption
       Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
               OU=Certification Services Division,
               CN=Thawte Server CA/emailAddress=server-certs@thawte.com
       blahblahblah

But, if all your certificate has is the encoded stuff, that wouldn't be the problem. I also don't know that cert in that format won't work...I just know that I used only the base64 encoded one, and that works

Do you have a single-server setup, or is it multiple server?

[galezer]

maybe its the type of the cert? apache was enough when i did that on the last scalix server i had.

i have all the files encoded in text edition. nowhere yo go from here.

is there another option ?

galezer

[mmorse]

Quote:

Originally Posted by galezer

i got Zcs network edition 5.06 and cannot get my thawte certificates to work.

Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: Invalid Certificate:

That seems like the error described here: http://www.zimbra.com/forums/adminis...s-5-0-6-a.html

A) The easiest workaround is to specify "--- All Servers ---" as the target server when installing the commericial cert.

B) The other way is to create the commercial_ca.crt (concantenated chain file) manually under /opt/zimbra/ssl/zimbra/commercial.

Bug 28085 - zmcertmgr doesn't break down the concatenated commercial cert from Ldap

[galezer]

this message reads :
AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: failed to create jetty.pkcs12

another bug perhaps ?

something else that can help me here?

[galezer]

i cut some white space after the --end-- flag and
thanks for all that helped - i mark this thread solved.

thank for all of you that helped - i like this forum.

galezer