Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
 
Go Back   Zimbra - Forums > Zimbra Collaboration Suite > Administrators
Reload this Page CSR Generated is Missing Information

Welcome to the Zimbra - Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-03-2009, 12:29 AM
New Member
  
Posts: 4
Exclamation CSR Generated is Missing Information
I'm working on generating a CSR to submit to GoDaddy to get a SSL certificate. Due to the new requirements of a 2048 key length - I am doing all this via the zmcertmgr command via SSH.

Here are the commands I'm running:
To generate the CSR:
Code:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=US/ST=*STATE*/L=*CITY*/O=**COMPANY**/OU=Information Technology/CN=domain.com" -subjectAltNames "webmail.domain.com,zimbra.domain.com, smtp.domain.com,imap.domain.com"
This generates a successful CSR according to the script.

When I run the command:
Code:
/opt/zimbra/bin/zmcertmgr viewcsr comm
I get these results:
Code:
subject=/C=US/ST=*STATE*/L=*CITY*/O=**COMPANY**/OU=Information Technology/CN=domain.comSubjectAltName= imap., smtp., webmail., zimbra.
Now I download the commercial.csr file and submit it to GoDaddy. When I install the certificate GoDaddy gives me it is missing the Subject Alt Names AND all of the subject information. It is simply a certificate for domain.com and www. domain.com

In addition, if I use the GUI to install the certificate and it displays the page with the CSR information it is blank as well and doesn't contain the information that I specified in the "createcsr" command.

Please be gentle as this is my first Zimbra 6.0 install so it's been a learning experience for me. I've scoured the fourms/Google and found similar scenarios but either they seem to be unresolved or their solution didn't work.

We're running Zimbra Open Source - Release 6.0.1_GA_1816.UBUNTU8_64 UBUNTU8_64 FOSS edition on Ubuntu 8.04 64-bit Edition.

Thanks in advance for the assistance!
- John C. Massie
Last edited by johnmassie : 11-03-2009 at 12:30 AM. Reason: Added Zimbra Version / Server Info
Reply With Quote
  #2 (permalink)  
Old 11-03-2009, 02:14 AM
Elite Member
  
Posts: 370
Default
Yout CSR only doesnt look proper:-

SubjectAltName= imap., smtp., webmail., zimbra.

Regenerate the CSR. Delete first everything in /opt/zimbra/ssl/zimbra/commercial and recreate the CSR. Test it to have the proper alt names.
Reply With Quote
  #3 (permalink)  
Old 11-03-2009, 08:20 AM
New Member
  
Posts: 4
Default
Hello Veronica,

Thanks for your reply. I've deleted that folder many times in working with this issue and re-generated the CSR and always get the same result. I tried it again this morning and have the same outcome.

I've even tried adding a space between names and without to see if that made a difference along with adding or remove the "quotes" around them.

Thanks!
- John
Reply With Quote
  #4 (permalink)  
Old 11-04-2009, 03:03 AM
Elite Member
  
Posts: 370
Default
John,

I tried the same command like this : -

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=OH/L=ML/O=TEST/OU=Information Technology/CN=test.domain.com" -subjectAltNames "webmail.domain.com,zimbra.domain.com, smtp.domain.com,imap.domain.com"

** Generating a server csr for download comm -new -subject /C=US/ST=OH/L=ML/O=TEST/OU=Information Technology/CN=test.domain.com -subjectAltNames webmail.domain.com,zimbra.domain.com, smtp.domain.com,imap.domain.com
subj=/C=US/ST=OH/L=ML/O=TEST/OU=Information Technology/CN=test.domain.com
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20091105025354
** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done.
** Saving server config key zimbraSSLPrivateKey...done.


and verified with :-

/opt/zimbra/bin/zmcertmgr viewcsr comm /opt/zimbra/ssl/zimbra/commercial/commercial.csr

subject=/C=US/ST=OH/L=ML/O=TEST/OU=Information Technology/CN=test.domain.com
SubjectAltName= toi-ldap.in.zimbra.com, imap.domain.com, smtp.domain.com, webmail.domain.com, zimbra.domain.com

First time it gave blank AltSubjectNames but I again ran the creation command and then it showed.
Reply With Quote
  #5 (permalink)  
Old 11-04-2009, 10:00 PM
New Member
  
Posts: 4
Default
Thanks again for your help.

I tired that command adding the "-subject" and get this error
"Subject does not start with '/'."

The only way I can get that command to run is to remove "-subject".

I've also tried running it twice as you said and get the same results as before.


Thanks,
- John
Reply With Quote
  #6 (permalink)  
Old 11-10-2009, 07:02 PM
New Member
  
Posts: 4
Default
I have tried several different things and the outcome hasn't changed. I'm still getting the Subject Alt Names without the domain at the end "webmail., imap., smtp." even though I specify the FQDN in the CSR request.

In addition I tried changing the CN to webmail.domain.com and still get the same results on the SubjectAltName.

Can anyone else assist?


Thanks!
John
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

Zimbrablog.com


Home - Blog - Contact Us - Archive - Top


 

Search Engine Optimization by vBSEO 3.1.0