Results 1 to 6 of 6

Thread: SSL Cert woes

  1. #1
    3RiversTechAdmin's Avatar
    3RiversTechAdmin is offline Special Member
    Join Date
    Oct 2006
    Posts
    100
    Rep Power
    8

    Default SSL Cert woes

    I am having problems installing my GoDaddy SSL certs, here are the steps I am taking:

    1. Clicked Install Certificate under Certificates in the Zimbra admin panel
    2. Select Generate the CSR (certificate signing request) for the commercial certificate authorizer
    3. Enter information and download CSR.
    4. Open CSR and pasted contents into Go Daddy form
    6. Downloaded the Go Daddy certificate bundle using the link in the email and the Root Certificate (gd-class2-root.crt) from https://certificates.starfieldtech.com/Repository.go
    7. Went back to Certificates in the Zimbra Administration interface
    8. Click Install Certificate
    9. Select Install the commercially signed certificate
    1. Certificate: mail.domain.com.crt
    2. Root CA: gd-class2-root.crt
    3. Intermediate CA: gd_bundle.crt
    10. Clicked Install and received the below error
    Error:
    Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: Invalid Certificate:
    Anyone know what I am doing wrong? Thanks.

  2. #2
    3RiversTechAdmin's Avatar
    3RiversTechAdmin is offline Special Member
    Join Date
    Oct 2006
    Posts
    100
    Rep Power
    8

    Default I'm still stuck

    Any suggestions would be very much appreciated

  3. #3
    Bill Brock is offline Outstanding Member
    Join Date
    May 2007
    Location
    Oklahoma
    Posts
    703
    Rep Power
    8

  4. #4
    3RiversTechAdmin's Avatar
    3RiversTechAdmin is offline Special Member
    Join Date
    Oct 2006
    Posts
    100
    Rep Power
    8

    Default

    Yes, I was reading that page as I tried this all. I wanted to get some feed back to make sure I am doing this correctly before I try the zmcertmgr way.

  5. #5
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    If you're still using 5.0.6_GA_2313.UBUNTU6 FOSS edition that's Bug 28085 – zmcertmgr doesn't break down the concatenated commercial cert from Ldap

    Admin console:
    A) The easiest workaround is to specify "--- All Servers ---" as the target server when installing the commercial cert from the admin console.

    CLI:
    B) The other way is to create the commercial_ca.crt (concantenated chain file) manually under /opt/zimbra/ssl/zimbra/commercial.
    Order of the GoDaddy chain certs for concatenation:
    * RootCA
    * gd_cross_intermediate.crt
    * gd_intermediate.crt
    * server_name.crt
    Then use the zmcertmgr command.

  6. #6
    3RiversTechAdmin's Avatar
    3RiversTechAdmin is offline Special Member
    Join Date
    Oct 2006
    Posts
    100
    Rep Power
    8

    Smile Update

    Using method A above worked beautifully, thanks Mike.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. SSL Cert Questions
    By playnada in forum Administrators
    Replies: 3
    Last Post: 05-06-2008, 10:22 AM
  2. [SOLVED] SSL Cert Import IE/windows broken?
    By raj in forum Installation
    Replies: 4
    Last Post: 01-28-2008, 07:48 PM
  3. [SOLVED] Tomcat ignoring new SSL cert?
    By gkra in forum Administrators
    Replies: 1
    Last Post: 09-07-2007, 10:44 AM
  4. Replies: 2
    Last Post: 03-25-2007, 09:40 PM
  5. SSL Cert Problem using SOAP API
    By pbwebguy in forum Developers
    Replies: 1
    Last Post: 06-06-2006, 05:29 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •