Results 1 to 6 of 6

Thread: Wildcard SSL

  1. #1
    mek1 is offline Loyal Member
    Join Date
    Jul 2008
    Posts
    78
    Rep Power
    7

    Default Wildcard SSL

    I've generated a commercial CSR. We have a NetworkSolutions wildcard SSL for our company, i.e. *.company.com. When I try to reissue the CSR it says

    "The domain is not wild card domain.

    Invalid domain name."

    Has anyone been able to issue their zimbra server, for example mx.company.com, from NetworkSolutions?

  2. #2
    jon.kibler@aset.com is offline Intermediate Member
    Join Date
    Oct 2008
    Posts
    17
    Rep Power
    6

    Default

    Can you post a dump of your CSR?

    openssl req -text -noout -in WHATEVER.csr

  3. #3
    mek1 is offline Loyal Member
    Join Date
    Jul 2008
    Posts
    78
    Rep Power
    7

    Default

    Certificate Request:
    Data:
    Version: 0 (0x0)
    Subject: C=US, ST=WI, L=city name, O=company name co., OU=IT, CN=mx1.company.com
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (1024 bit)
    Modulus (1024 bit):
    00:b6:5c:98:6c:88:dc:4a:17:ad:b5:fb:28:ba:b3:
    3b:d7:17:b3:fe:08:8a:f6:d7:b2:61:f9:63:56:ae:
    9f:71:ae:ef:8b:82:5b:51:d1:d4:fc:9a:0b:8d:50:
    dc:61:44:59:91:c0:22:19:a7:3e:28:d3:01:3e:1f:
    23:4a:16:48:b6:a1:c6:7f:bc:a8:f3:3a:91:00:aa:
    71:78:f1:16:4a:d7:4c:6a:fd:2f:b6:69:85:04:0c:
    3a:37:b6:2c:aa:2a:10:32:57:96:a0:59:41:2f:46:
    ff:b0:23:d9:0b:8a:7e:4d:f0:05:87:1b:12:b0:30:
    2e:cd:4c:cf:ee:c3:65:a7:7d
    Exponent: 65537 (0x10001)
    Attributes:
    Requested Extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    X509v3 Key Usage:
    Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: sha1WithRSAEncryption
    64:73:a0:b2:9f:ea:19:fc:b1:74:da:1d:91:58:83:a2:11 :59:
    3e:c5:23:cf:58:17:87:46:45:86:fa:ec:b6:62:41:f6:34 :68:
    4b:64:5c:5a:a9:9c:f0:5c:12:d1:00:7c:6c:76:b3:d6:dd :07:
    f1:95:58:61:46:66:49:44:8b:f7:a9:bb:d4:e0:c2:c3:7b :51:
    48:bc:16:21:0f:58:d3:09:46:3e:4f:46:a8:55:f7:0c:ae :5f:
    d0:18:a1:a3:6f:85:9d:49:cd:be:ba:a5:f4:93:11:f6:49 :12:
    6c:57:0d:04:8c:fb:06:f0:1b:7a:51:2d:49:a3:75:f0:35 :d9:
    e3:90

  4. #4
    jon.kibler@aset.com is offline Intermediate Member
    Join Date
    Oct 2008
    Posts
    17
    Rep Power
    6

    Default

    This is not a wildcard CSR request. If it were, the CN would be *.company.com

    My guess is that is your problem.

    Jon K.

  5. #5
    mek1 is offline Loyal Member
    Join Date
    Jul 2008
    Posts
    78
    Rep Power
    7

    Default

    Jon,

    You were right on that. I recreated a CSR (for *.company.com) from the Web GUI last night and submitted it to NetSol.

    Following the wiki article I went and did it all by hand. When attempting to run a check I get the following:
    Code:
    [root@localhost commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    unable to load certificate
    24906:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:746:
    XXXXX ERROR: Unmatching certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    [root@localhost commercial]#
    Anyone have an idea on why it can't validate?
    Last edited by mek1; 10-30-2008 at 02:16 PM.

  6. #6
    jon.kibler@aset.com is offline Intermediate Member
    Join Date
    Oct 2008
    Posts
    17
    Rep Power
    6

    Default

    You have garbage characters at the end of lines on your cert...
    "... :bad end lineem_lib.c:746"

    Most likely causes:
    1) You copies cert from/to windows box
    2) Your file is not in PEM format
    3) Your file is truncated or other wise corrupt

    re #3: File should begin with a "--- begin certificate ---" line and end with an "--- end certificate ---" line (dashes and case may vary).

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Wildcard SSL Certificates?
    By James Brinkerhoff in forum Administrators
    Replies: 1
    Last Post: 06-15-2012, 10:23 AM
  2. [SOLVED] Commercial SSL certs not working
    By veronica in forum Installation
    Replies: 6
    Last Post: 06-30-2008, 05:33 AM
  3. Disable SSL on the Admin Port 7071
    By rasputin in forum Installation
    Replies: 2
    Last Post: 04-06-2008, 03:29 AM
  4. Replies: 1
    Last Post: 01-02-2008, 09:31 PM
  5. Help with tomcat ssl errors...
    By sgtstadanko in forum Administrators
    Replies: 4
    Last Post: 03-19-2007, 09:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •