Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page ssl on 3.0.1_GA_160_SuSE10

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 04-03-2006, 03:32 PM
Senior Member
  
Posts: 67
Default ssl on 3.0.1_GA_160_SuSE10
I done several clean installs on suse 10 trying to find a way to work with ssl certs.

I've tried the many ideas in the forums to at least remove the current default certs and create a new set with zmcreatecert anc zmcreateca. Here is what I get:

keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

are successfully used.

Then in /opt/zimbra:

mv ssl ssl.back
mkdir ssl
chown zimbra:zimbra ssl

Then:

** Creating CA private key

Generating a 1024 bit RSA private key
................................++++++
............++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
-----
** Creating CA cert

Signature ok
subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=servername
Getting Private key
unable to write 'random state'

Then

zmcreatecert

** Importing CA

Certificate was added to keystore
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
.............++++++
..................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 3 (0x3)
Validity
Not Before: Apr 3 21:24:08 2006 GMT
Not After : Apr 3 21:24:08 2007 GMT
Subject:


stuff

Certificate is to be certified until Apr 3 21:24:08 2007 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=stuff
Getting CA Private Key
unable to write 'random state'

then

zmcertinstall mailbox
** Importing server cert

keytool error: java.lang.Exception: Public keys in reply and keystore don't match


zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key
** Importing server cert

hmmm. now what?
Reply With Quote
  #2 (permalink)  
Old 04-03-2006, 03:58 PM
Zimbra Employee
  
Posts: 4,792
Default
Just to be clear does the default self signed certs not work for you? Are you trying to add a commercial cert or self signed cert after the fact?
__________________
Bugzilla - Wiki - Downloads - Offline Client
Reply With Quote
  #3 (permalink)  
Old 04-03-2006, 04:06 PM
Senior Member
  
Posts: 67
Default
Quote:
Originally Posted by KevinH
Just to be clear does the default self signed certs not work for you? Are you trying to add a commercial cert or self signed cert after the fact?

I am in the process of intalling a real cert, but I'm trying to install s self signed cert to make sure I can get back to having some kind of cert. I have logged back into the system after making the self signed cert (stopping then starting zimbra) and https seems to be working. I don't know why there are errors but it still seems to work.

The next phase was to try to install real certs.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.