Results 1 to 8 of 8

Thread: StartSSL Free SSL Certificate + Zimbra

  1. #1
    deniz is offline Junior Member
    Join Date
    Aug 2009
    Posts
    7
    Rep Power
    5

    Default StartSSL Free SSL Certificate + Zimbra

    Hi,

    I was just wondering if anyone had any experience with the free non-selfsigned StartSSL certificates from StartSSL™ Certificates & Public Key Infrastructure.

    Can they be easily be loaded into zimbra and how does it work?

    Thanks,
    Deniz

  2. #2
    Maddler is offline Member
    Join Date
    Oct 2009
    Posts
    14
    Rep Power
    5

    Default

    I was able to import it, but despite the import procedure went fine it looks like the certificate is not working correctly, and SSL services aren't started.

  3. #3
    deuscapturus is offline New Member
    Join Date
    Jul 2009
    Posts
    4
    Rep Power
    5

  4. #4
    thunder04 is offline Special Member
    Join Date
    Dec 2007
    Location
    At work...Menlo Park, CA
    Posts
    155
    Rep Power
    7

    Default

    I've never been able to get the basic StartSSL cert to work with Zimbra. I don't know if it's me, or if it's StartSSL, but I get the following message when installing it via the CLI:

    Code:
    XXXXX ERROR: Unmatching certificate (/tmp/ssl.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    XXXXX ERROR: provided cert isn't valid.
    And the following message when installing it via the admin console:

    Code:
    Message: invalid request: missing required attribute: server Error code: service.INVALID_REQUEST Method: GetCertRequest Details:soap:Sender
    As far as I know, I'm doing everything correct. I generated a new certificate signing request via the admin console, give the CSR to StartSSL (which they like), and they generate a certificate for me.

    My hunch is that the problem lies with the way my Zimbra server is named. The server itself is named friendlyname.ourdomain.com, but the certificate needs to be for mail.ourdomain.com.

    When generating the CSR, I specify "mail.ourdomain.com" as the common name. Should it be a Subject Alternative Name instead....or both?

    Or, perhaps, it is a StartSSL problem as "All content of the certificate signing request is ignored except its public key."?

    We used to use ipsCA certs and never had an issue (until their CA cert expired)...

  5. #5
    dik23 is offline Advanced Member
    Join Date
    Dec 2010
    Location
    UK
    Posts
    196
    Rep Power
    4

    Default

    Works fine for me, but remember to remove the pass phrase from the cert before installing or you'll have problems

  6. #6
    thunder04 is offline Special Member
    Join Date
    Dec 2007
    Location
    At work...Menlo Park, CA
    Posts
    155
    Rep Power
    7

    Default

    If you use the Zimbra generated CSR, there shouldn't be a password??

  7. #7
    dik23 is offline Advanced Member
    Join Date
    Dec 2010
    Location
    UK
    Posts
    196
    Rep Power
    4

    Default

    I must not have used the Zimbra CSR then

  8. #8
    chewitt's Avatar
    chewitt is offline Active Member
    Join Date
    Apr 2008
    Location
    Dubai, UAE
    Posts
    30
    Rep Power
    6

    Default

    My hunch is that the problem lies with the way my Zimbra server is named. The server itself is named friendlyname.ourdomain.com, but the certificate needs to be for mail.ourdomain.com.

    When generating the CSR, I specify "mail.ourdomain.com" as the common name. Should it be a Subject Alternative Name instead....or both?
    No idea if that's the problem, but if you need to support multiple hostnames in the same certificate you need a class 2 cert ($49) not their free class 1 cert.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra spam system
    By rajahd in forum Administrators
    Replies: 9
    Last Post: 04-16-2008, 07:25 PM
  2. /tmp filling
    By Nutz in forum Administrators
    Replies: 8
    Last Post: 02-22-2008, 02:00 AM
  3. Replies: 8
    Last Post: 02-27-2007, 04:10 AM
  4. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  5. Unable to start tomcat
    By chanck in forum Administrators
    Replies: 11
    Last Post: 06-11-2006, 12:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •