ssl on 3.0.1_GA_160_SuSE10

[comptekki]

I done several clean installs on suse 10 trying to find a way to work with ssl certs.

I've tried the many ideas in the forums to at least remove the current default certs and create a new set with zmcreatecert anc zmcreateca. Here is what I get:

keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

are successfully used.

Then in /opt/zimbra:

mv ssl ssl.back
mkdir ssl
chown zimbra:zimbra ssl

Then:

** Creating CA private key

Generating a 1024 bit RSA private key
................................++++++
............++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
-----
** Creating CA cert

Signature ok
subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=servername
Getting Private key
unable to write 'random state'

Then

zmcreatecert

** Importing CA

Certificate was added to keystore
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
.............++++++
..................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 3 (0x3)
Validity
Not Before: Apr 3 21:24:08 2006 GMT
Not After : Apr 3 21:24:08 2007 GMT
Subject:


stuff

Certificate is to be certified until Apr 3 21:24:08 2007 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=stuff
Getting CA Private Key
unable to write 'random state'

then

zmcertinstall mailbox
** Importing server cert

keytool error: java.lang.Exception: Public keys in reply and keystore don't match


zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key
** Importing server cert

hmmm. now what?

[KevinH]

Just to be clear does the default self signed certs not work for you? Are you trying to add a commercial cert or self signed cert after the fact?

[comptekki]

Just to be clear does the default self signed certs not work for you? Are you trying to add a commercial cert or self signed cert after the fact?

I am in the process of intalling a real cert, but I'm trying to install s self signed cert to make sure I can get back to having some kind of cert. I have logged back into the system after making the self signed cert (stopping then starting zimbra) and https seems to be working. I don't know why there are errors but it still seems to work.

The next phase was to try to install real certs.