Results 1 to 8 of 8

Thread: [SOLVED] Commercial Certificate issue - thawte - again

  1. #1
    galezer is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    19
    Rep Power
    7

    Default [SOLVED] Commercial Certificate issue - thawte - again

    hi guys

    i got Zcs network edition 5.06 and cannot get my thawte certificates to work.

    i followed the instructions on [SOLVED] Commercial Certificate - Thawte - ZC5
    and on the WIKI on installing commercial certificates and still got to nowhere ...

    o downloaded the server roots and unziped the files in the web gui

    have put the root.ca and the premiumserver as intermediate alwayes i got this weird message

    Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: Invalid Certificate:

    the certificate is x509 apache certificate of THAWTE.

    any help will be appreciated

    shay

  2. #2
    alexkelly is offline Trained Alumni
    Join Date
    Oct 2007
    Location
    Columbus, OH
    Posts
    70
    Rep Power
    7

    Default

    I think you need to have the base64 encoded version for it to work. Your cert should look like
    Code:
    -----BEGIN CERTIFICATE-----
    encoded stuff
    -----END CERTIFICATE-----
    If you have the plain-text portions, I think those need to be edited out. You also need to make sure that you have the base64 encoded versions of the root and intermediary certs too...those are the ones that end in .txt from Thawte's certificates.

  3. #3
    galezer is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    19
    Rep Power
    7

    Default this is the certificate type i have.

    they are all encoded within the two lines.
    what you did say about editing out?
    i did all that is written in the wiki.

  4. #4
    alexkelly is offline Trained Alumni
    Join Date
    Oct 2007
    Location
    Columbus, OH
    Posts
    70
    Rep Power
    7

    Default

    I have seen x509 certs (not specifically from Thawte) that have all the plain text portions at the top, so you get a cert that starts with
    Code:
    Certificate
         Data:
           Version: 3 (0x2)
           Serial Number: 1 (0x1)
           Signature Algorithm: md5WithRSAEncryption
           Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
                   OU=Certification Services Division,
                   CN=Thawte Server CA/emailAddress=server-certs@thawte.com
           blahblahblah
    But, if all your certificate has is the encoded stuff, that wouldn't be the problem. I also don't know that cert in that format won't work...I just know that I used only the base64 encoded one, and that works

    Do you have a single-server setup, or is it multiple server?

  5. #5
    galezer is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    19
    Rep Power
    7

    Default i have a single server setup

    maybe its the type of the cert? apache was enough when i did that on the last scalix server i had.

    i have all the files encoded in text edition. nowhere yo go from here.

    is there another option ?

    galezer

  6. #6
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    Quote Originally Posted by galezer View Post
    i got Zcs network edition 5.06 and cannot get my thawte certificates to work.

    Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: Invalid Certificate:
    That seems like the error described here: http://www.zimbra.com/forums/adminis...s-5-0-6-a.html

    A) The easiest workaround is to specify "--- All Servers ---" as the target server when installing the commericial cert.

    B) The other way is to create the commercial_ca.crt (concantenated chain file) manually under /opt/zimbra/ssl/zimbra/commercial.

    Bug 28085 - zmcertmgr doesn't break down the concatenated commercial cert from Ldap

  7. #7
    galezer is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    19
    Rep Power
    7

    Default i tried with "all servers" - i get new error message

    this message reads :
    AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: failed to create jetty.pkcs12

    another bug perhaps ?

    something else that can help me here?

  8. #8
    galezer is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    19
    Rep Power
    7

    Wink at last it did work! using " all servers"

    i cut some white space after the --end-- flag and
    thanks for all that helped - i mark this thread solved.

    thank for all of you that helped - i like this forum.

    galezer

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. [SOLVED] Commercial cert Thawte
    By lindworm in forum Administrators
    Replies: 8
    Last Post: 08-04-2009, 09:49 AM
  3. [SOLVED] Commercial Certificate - Thawte - ZC5
    By orenagiv in forum Installation
    Replies: 2
    Last Post: 06-12-2008, 09:12 AM
  4. Replies: 1
    Last Post: 11-05-2007, 06:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •