TLS Errors after installing Thawte cert

**rogle** · 03-20-2009, 12:34 PM

I am attempting a new install of zimbra. I am new to the product.
I was using a self generated cert until ready to go live, when I installed a cert from thawte.

Prior to the install, the self-signed cert smtp worked fine, but couldn't get IE to trust the cert- thus purchasing one from thawte.

Since installation, the browsers don't complain about the ssl, but email clients can't access smtp.

Could postfix still be looking at the old cert somehow and puking on that? If so, how do I verify?

Thank you for your patience.

**rogle** · 03-25-2009, 12:56 PM

I'm still stuck....I'm *not* trying to be smart here- does this mean that I'm the only person in the history of zimbra that has had trouble installing a third party cert?

**phoenix** · 03-25-2009, 01:49 PM

Have you searched the forums or tried these instructions?

**rogle** · 03-26-2009, 08:34 AM

well...I *thought* I did.

I have since generated a new csr via the web ui and gotten thawte to generate a new cert.
I copied the cert to notepad and saved as mycert.pem
I go through the install cert wizard and it asks for a Certificate as well as a CA. It won't let me give it same file for both.

So...where do I go from there?

**phoenix** · 03-26-2009, 09:12 AM

[SOLVED] Commercial cert Thawte

**rogle** · 03-26-2009, 09:15 AM

OK...I got past the UI deal by the second post in this thread.
[SOLVED] Commercial Certificate - Thawte - ZC5

Whoo Hoo!!

-----
Now, slapd won't start.

$ zmcontrol start
Host <machine name>
Starting ldap...Done.
FAILED
Failed to start slapd. Attempting debug start to determine error.
TLS: error:0906D06C EM routines EM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C EM routines EM_read_bio:no start line pem_lib.c:647
TLS: error:02001002 ystem library:fopen:No such file or directory bss_file.c:356
TLS: error:20074002:BIO routines:FILE_CTRL ystem lib bss_file.c:358
main: TLS init def ctx failed: -1

**phoenix** · 03-26-2009, 09:25 AM

Which version of openssl do you have installed?

**rogle** · 03-26-2009, 09:28 AM

openssl 0.9.8i

...and THANK YOU for the quick responses!!!!!

**rogle** · 03-26-2009, 09:32 AM

sudo /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /tmp/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

**phoenix** · 03-26-2009, 09:37 AM

Follow all the instructions in this post: [SOLVED] Commercial cert Thawte

Zimbra

Thread: TLS Errors after installing Thawte cert

LinkBack

Thread Tools

Search Thread

Display

TLS Errors after installing Thawte cert

Still stuck

Doesn't match the wizard

Progress!?

new error

Thread Information

Users Browsing this Thread

Similar Threads

Upgrade from 5.09 to 5.13 failed with LDAP TLS error on valid self signed cert

[SOLVED] persistent LDAP errors while installing ZCS Open Source

Installing Commercial Cert From Old Server

Possible Cert / TLS problem in 5.0.2, suggested fixes not working

Posting Permissions