Thread: CSR Generated is Missing Information

  1. #1
    johnmassie

    I'm working on generating a CSR to submit to GoDaddy to get an SSL certificate. Due to the new requirements of a 2048 key length - I am doing all this via the zmcertmgr command via SSH.

    Here are the commands I'm running:
    To generate the CSR:
    Code:
    /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=US/ST=*STATE*/L=*CITY*/O=**COMPANY**/OU=Information Technology/CN=domain.com" -subjectAltNames "webmail.domain.com,zimbra.domain.com, smtp.domain.com,imap.domain.com"
    This generates a successful CSR according to the script.

    When I run the command:
    Code:
    /opt/zimbra/bin/zmcertmgr viewcsr comm
    I get these results:
    Code:
    subject=/C=US/ST=*STATE*/L=*CITY*/O=**COMPANY**/OU=Information Technology/CN=domain.com
    SubjectAltName= imap., smtp., webmail., zimbra.
    Now I download the commercial.csr file and submit it to GoDaddy. When I install the certificate GoDaddy gives me, it is missing the Subject Alt Names AND all of the subject information. It is simply a certificate for domain.com and www.domain.com

    In addition, if I use the GUI to install the certificate and it displays the page with the CSR information it is blank as well and doesn't contain the information that I specified in the "createcsr" command.

    Please be gentle as this is my first Zimbra 6.0 install so it's been a learning experience for me. I've scoured the forums/Google and found similar scenarios but either they seem to be unresolved or their solution didn't work.

    We're running Zimbra Open Source - Release 6.0.1_GA_1816.UBUNTU8_64 UBUNTU8_64 FOSS edition on Ubuntu 8.04 64-bit Edition.

    Thanks in advance for the assistance!
    - John C. Massie
    Last edited by johnmassie; 11-03-2009 at 12:30 AM. Reason: Added Zimbra Version / Server Info

  2. #2
    veronica

    Your CSR doesn't look proper:

    SubjectAltName= imap., smtp., webmail., zimbra.

    Regenerate the CSR. Delete first everything in /opt/zimbra/ssl/zimbra/commercial and recreate the CSR. Test it to have the proper alt names.

  3. #3
    johnmassie

    Hello Veronica,

    Thanks for your reply. I've deleted that folder many times in working with this issue and re-generated the CSR and always get the same result. I tried it again this morning and have the same outcome.

    I've even tried adding a space between names and without to see if that made a difference, along with adding or removing the "quotes" around them.

    Thanks!
    - John

  4. #4
    veronica

    John,

    I tried the same command like this : -

    /opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=OH/L=ML/O=TEST/OU=Information Technology/CN=test.domain.com" -subjectAltNames "webmail.domain.com,zimbra.domain.com, smtp.domain.com,imap.domain.com"

    ** Generating a server csr for download comm -new -subject /C=US/ST=OH/L=ML/O=TEST/OU=Information Technology/CN=test.domain.com -subjectAltNames webmail.domain.com,zimbra.domain.com, smtp.domain.com,imap.domain.com
    subj=/C=US/ST=OH/L=ML/O=TEST/OU=Information Technology/CN=test.domain.com
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20091105025354
    ** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...done.


    and verified with :-

    /opt/zimbra/bin/zmcertmgr viewcsr comm /opt/zimbra/ssl/zimbra/commercial/commercial.csr

    subject=/C=US/ST=OH/L=ML/O=TEST/OU=Information Technology/CN=test.domain.com
    SubjectAltName= toi-ldap.in.zimbra.com, imap.domain.com, smtp.domain.com, webmail.domain.com, zimbra.domain.com

    First time it gave blank AltSubjectNames but I again ran the creation command and then it showed.

  5. #5
    johnmassie

    Thanks again for your help.

    I tried that command adding the "-subject" and get this error:
    "Subject does not start with '/'."

    The only way I can get that command to run is to remove "-subject".

    I've also tried running it twice as you said and get the same results as before.


    Thanks,
    - John

  6. #6
    johnmassie

    I have tried several different things and the outcome hasn't changed. I'm still getting the Subject Alt Names without the domain at the end "webmail., imap., smtp." even though I specify the FQDN in the CSR request.

    In addition I tried changing the CN to webmail.domain.com and still get the same results on the SubjectAltName.

    Can anyone else assist?


    Thanks!
    John

  7. #7
    sismed

    Maybe this function of /opt/zimbra/bin/zmcertmgr is removing your AltNames from csr (as it happened to me).
    ---

    createConf() {
      ssl_conf=$1
      shift

      ALTNAMES=""
      tmphosts=`echo $* | sed -e "s/,/ /g" -e "s/${zimbra_server_hostname}//g"`
      # remove any duplicate hosts.
      althosts=`perl -e '%uniq = map {$_ => 1} @ARGV; print join(" ", sort keys %uniq), "\n"' $tmphosts`

      for alt in $althosts; do
        if [ "x$ALTNAMES" = "x" ]; then
          ALTNAMES="subjectAltName = DNS:${zimbra_server_hostname},DNS:${alt}"
        else
          ALTNAMES="${ALTNAMES},DNS:${alt}"
        fi
      done
    ----



    You can put this after the "for" loop (line 751 in my case)

    ALTNAMES="subjectAltName = DNS:webmail.domain.com, DNS:zimbra.domain.com, DNS:smtp.domain.com, DNS:imap.domain.com"

    It will force openssl to create a csr as your needs, but I'm not a zimbra engineer and don't know if it will break something.
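
The alt-name handling in the createConf() excerpt above, reproduced as an added example (not part of the original post and not Zimbra's code) next to a variant that removes only exact matches. It assumes the server hostname is domain.com, which the thread does not state; the function names are hypothetical and `sort -u` stands in for the perl de-duplication.

```shell
#!/bin/sh
# Added example, not Zimbra code. Assumption: server hostname is "domain.com".

# Same handling as the excerpt: the hostname is deleted wherever it occurs
# as a substring, so it is also cut out of every longer name containing it.
altnames_unanchored() {
    host=$1; shift
    tmphosts=$(echo "$*" | sed -e "s/,/ /g" -e "s/${host}//g")
    build_altnames "$host" $tmphosts
}

# Variant that drops only entries exactly equal to the hostname.
altnames_exact() {
    host=$1; shift
    keep=""
    for name in $(echo "$*" | tr ',' ' '); do
        [ "$name" = "$host" ] || keep="$keep $name"
    done
    build_altnames "$host" $keep
}

# De-duplicate (sort -u stands in for the perl one-liner) and build the
# subjectAltName line the same way the excerpt's for loop does.
build_altnames() {
    host=$1; shift
    ALTNAMES=""
    for alt in $(printf '%s\n' "$@" | sort -u); do
        if [ -z "$ALTNAMES" ]; then
            ALTNAMES="subjectAltName = DNS:${host},DNS:${alt}"
        else
            ALTNAMES="${ALTNAMES},DNS:${alt}"
        fi
    done
    echo "$ALTNAMES"
}

# Check to run before submitting: succeeds if any DNS entry is empty or
# ends in a dot, which is what a stripped name looks like.
altnames_look_truncated() {
    echo "$1" | grep -Eq 'DNS:[^,]*\.(,|$)|DNS:(,|$)'
}

# Constructed sample input, taken from the command in the first post.
names="webmail.domain.com,zimbra.domain.com, smtp.domain.com,imap.domain.com"
altnames_unanchored domain.com "$names"
altnames_exact domain.com "$names"
```

With a hostname that does not appear inside any alt name, both functions return the same line, which matches the difference between the two posters' results.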
