Zimbra

mek1 · #1 (**permalink**) 10-29-2008, 12:22 PM

I've generated a commercial CSR. We have a NetworkSolutions wildcard SSL for our company, i.e. *.company.com. When I try to reissue the CSR it says

"The domain is not wild card domain.

Invalid domain name."

Has anyone been able to issue their zimbra server, for example mx.company.com, from NetworkSolutions?

jon.kibler@aset.com · #2 (**permalink**) 10-29-2008, 02:04 PM

Can you post a dump of your CSR?

openssl req -text -noout -in WHATEVER.csr

mek1 · #3 (**permalink**) 10-29-2008, 02:13 PM

Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=WI, L=city name, O=company name co., OU=IT, CN=mx1.company.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b6:5c:98:6c:88:dc:4a:17:ad:b5:fb:28:ba:b3:
3b:d7:17:b3:fe:08:8a:f6:d7:b2:61:f9:63:56:ae:
9f:71:ae:ef:8b:82:5b:51:d1:d4:fc:9a:0b:8d:50:
dc:61:44:59:91:c0:22:19:a7:3e:28:d3:01:3e:1f:
23:4a:16:48:b6:a1:c6:7f:bc:a8:f3:3a:91:00:aa:
71:78:f1:16:4a:d7:4c:6a:fd:2f:b6:69:85:04:0c:
3a:37:b6:2c:aa:2a:10:32:57:96:a0:59:41:2f:46:
ff:b0:23:d9:0b:8a:7e:4d:f0:05:87:1b:12:b0:30:
2e:cd:4c:cf:ee:c3:65:a7:7d
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Signature Algorithm: sha1WithRSAEncryption
64:73:a0:b2:9f:ea:19:fc:b1:74:da:1d:91:58:83:a2:11 :59:
3e:c5:23:cf:58:17:87:46:45:86:fa:ec:b6:62:41:f6:34 :68:
4b:64:5c:5a:a9:9c:f0:5c:12:d1:00:7c:6c:76:b3:d6:dd :07:
f1:95:58:61:46:66:49:44:8b:f7:a9:bb:d4:e0:c2:c3:7b :51:
48:bc:16:21:0f:58:d3:09:46:3e:4f:46:a8:55:f7:0c:ae :5f:
d0:18:a1:a3:6f:85:9d:49:cd:be:ba:a5:f4:93:11:f6:49 :12:
6c:57:0d:04:8c:fb:06:f0:1b:7a:51:2d:49:a3:75:f0:35 :d9:
e3:90

jon.kibler@aset.com · #4 (**permalink**) 10-29-2008, 02:32 PM

This is not a wildcard CSR request. If it were, the CN would be *.company.com

My guess is that is your problem.

Jon K.

mek1 · #5 (**permalink**) 10-30-2008, 02:14 PM

Jon,

You were right on that. I recreated a CSR (for *.company.com) from the Web GUI last night and submitted it to NetSol.

Following the wiki article I went and did it all by hand. When attempting to run a check I get the following:

Code:

[root@localhost commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm
** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
unable to load certificate
24906:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:746:
XXXXX ERROR: Unmatching certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
[root@localhost commercial]#

Anyone have an idea on why it can't validate?

jon.kibler@aset.com · #6 (**permalink**) 10-31-2008, 11:06 AM

You have garbage characters at the end of lines on your cert...
"... :bad end line

em_lib.c:746"

Most likely causes:
1) You copies cert from/to windows box
2) Your file is not in PEM format
3) Your file is truncated or other wise corrupt

re #3: File should begin with a "--- begin certificate ---" line and end with an "--- end certificate ---" line (dashes and case may vary).

Zimbra

Downloads

Product Information

Toolbox

Why Join?