[SOLVED] can't install RapidSSL certificate

[vaidotas]

I don't understand what I am doing wrong, but can't install RapidSSL certificate on Zimbra mail server.

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: commercial.crt: /C=LT/O=xxx.xxx.lt/OU=GT63438002/OU=See RapidSSL.com - redirect (c)09/OU=Domain Control Validated - RapidSSL(R)/CN=xxx.xxx.lt
error 20 at 0 depth lookup:unable to get local issuer certificate

From web interface I have this error:
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=LT/O=xxx.xxx.lt/OU=GT63438002/OU=See RapidSSL.com - redirect (c)09/OU=Domain Control Validated - RapidSSL(R)/CN=xxx.xxx.lt

anyone can help me?


Found the solution:
I was trying to use incorrect root certificate.
The correct root certificate for RapidSSL certificate is: Equifax Secure Certificate Authority
Download Root Certificates - GeoTrust

[branov]

Hi there, I have the same problem:

Code:

mail:/opt/zimbra/ssl/zimbra/commercial# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: commercial.crt: /serialNumber=8MvKL0Kn-0MUq7vAKp/Yb8eO49ETC=CZ/O=mail.DOMAIN/OU=GT98696796/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=mail.DOMAIN
error 20 at 0 depth lookup:unable to get local issuer certificate

I have tried your solution and more other, I was found here in forum (using GeoTrust and etc...) but I still have this problem. Please, can somebody help me with this? I trying to solve this per two weeks, but I still cant (

Thank you so much

[cbardy]

First you need to dowload the proper certificate and intermediate certificate that RapidSSL made available to you.

In a text editor, ensure that there is a proper carriage return at the end of each file (and most importantly the intermediate cert). Zimbra certificate installation process somehow concatenates the intermediate cert with the root cert and without the proper carriage return produces a incorrect file.

Without the carriage return the concatenated file contains a line with

Code:

 -----END CERTIFICATE----------BEGIN CERTIFICATE-----

where there should be :

Code:

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

you also need the new root cert from GEotrust/equifax that you can get at the following address :

http://www.geotrust.com/resources/ro..._Global_CA.cer

That file is correct and ends with the proper carriage return.

with all these three files OK, I was able to install my new rapidSSL cert without problems (OK i took me a while to figure out the carriage return problem but i found the solution in this thread