
Thread: [SOLVED] Installing commercial certificate issue

  1. #1
    rosol (Intermediate Member)

    Hi.
    We use community version 6.
    When I try to install a commercial certificate into Zimbra I get errors:

    ./zmcertmgr deploycrt comm /tmp/server.crt /tmp/ca_bundle.crt
    ** Verifying /tmp/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Error loading file /tmp/ca_bundle.crt
    usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
    recognized usages:
    sslclient SSL client
    sslserver SSL server
    nssslserver Netscape SSL server
    smimesign S/MIME signing
    smimeencrypt S/MIME encryption
    crlsign CRL signing
    any Any Purpose
    ocsphelper OCSP helper
    XXXXX ERROR: Invalid Certificate:
    XXXXX ERROR: provided cert isn't valid.

    I've used this article to install the cert: Installing a RapidSSL Commercial Certificate - Zimbra :: Wiki

    Has anyone had a similar problem?
    Thx.

  2. #2
    tonster (Zimbra Employee)

    The text you specified listed the problem. It says it cannot load /tmp/ca_bundle.crt for some reason. Does the file not exist? Does it contain a valid certificate?

  3. #3
    rosol (Intermediate Member)

    I know that ca_bundle.crt is the issue, but the article Installing a RapidSSL Commercial Certificate - Zimbra :: Wiki says that I need to download that ca_bundle.crt file and copy it to /tmp:

    Download the appropriate bundle file from http://www.geotrust.com/resources/ro..._Authority.cer . RapidSSL certificates are always signed by Equifax!! Save this as ca_bundle.crt

    So I did that and got the error shown above in my first post.

    Thx. for the reply.

  4. #4
    tonster (Zimbra Employee)

    But what does the file look like on the server? Are you running zmcertmgr as root?

  5. #5
    rosol (Intermediate Member)

    I do all the steps exactly as in this article, step by step.

  6. #6
    rosol (Intermediate Member)

    Previously I downloaded http://www.geotrust.com/resources/ro..._Authority.cer with Firefox on Windows, then copied and pasted it into the Zimbra host via PuTTY.
    Now I used wget -c http://www.geotrust.com/resources/ro..._Authority.cer and copied this file to /tmp/ca_bundle.crt
    Then cd /opt/zimbra/bin
    and ./zmcertmgr deploycrt comm /tmp/server.crt /tmp/ca_bundle.crt
    Now I get different output:

    ** Verifying /tmp/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmp/server.crt: OK
    ** Copying /tmp/server.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /tmp/ca_bundle.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

    XXXXX ERROR: failed to create jetty.pkcs12
    No certificate matches private key

    What does it mean? How to fix it?

    Thx.

  7. #7
    rosol (Intermediate Member)

    So, from now on I cannot send anything because there is no certificate to communicate with. I use TLS to communicate with the server:

    Starting ldap...Done.
    Failed.
    Failed to start slapd. Attempting debug start to determine error.
    TLS: error:0906D066:PEM routines:PEM_read_bio:bad end line pem_lib.c:749
    TLS: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib ssl_rsa.c:491
    main: TLS init def ctx failed: -1

    Any idea?

    Thx.
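
Added example, not part of the thread or of Zimbra's tooling: the "Error loading file" failure above went away once the CA file was fetched with wget instead of pasted through PuTTY, and slapd later rejected the deployed file with a PEM "bad end line". This shell function checks the PEM framing of a certificate or bundle file before it is handed to zmcertmgr; `pem_lint`, `pem_demo` and the sample data are constructed for illustration, and only the plain `CERTIFICATE` label is assumed.

```shell
#!/bin/sh
# pem_lint FILE: check the PEM framing of a certificate or CA bundle file.
# Prints one line per problem; returns 0 only when the framing is clean.
pem_lint() {
    [ -r "$1" ] || { echo "$1: cannot read file"; return 1; }
    awk -v file="$1" '
        function bad(msg) { printf "%s:%d: %s\n", file, NR, msg; rc = 1 }
        /\r$/ {                       # Windows line endings break the marker match
            if (!cr++) bad("CRLF line endings")
            sub(/\r$/, "")
        }
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inside) bad("BEGIN before the previous END")
            inside = 1; certs++; next
        }
        /^-----END CERTIFICATE-----$/ {
            if (!inside) bad("END without BEGIN")
            inside = 0; next
        }
        # Marker text present but not exact: lost dashes, indentation, trailing junk
        /(BEGIN|END) CERTIFICATE/ { bad("damaged marker line [" $0 "]"); next }
        inside && $0 !~ "^[A-Za-z0-9+/=]+$" { bad("blank or non-base64 line in block") }
        END {
            if (inside) bad("file ends inside a block (no valid END line)")
            if (!certs) bad("no PEM certificate block found")
            exit rc + 0
        }
    ' "$1"
}

# Constructed sample data: placeholder base64, not a real certificate.
pem_demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'TUlJQ2R1bW15' \
        '-----END CERTIFICATE-----' > "$dir/good.crt"
    # Same block as a damaged paste: CRLF endings and a clipped END line.
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'TUlJQ2R1bW15' \
        '-----END CERTIFICATE----' > "$dir/pasted.crt"
    pem_lint "$dir/good.crt" && echo "good.crt: framing OK"
    pem_lint "$dir/pasted.crt" || echo "pasted.crt: rejected"
    rm -rf "$dir"
}
pem_demo
```

A clean result only shows that the framing is intact; zmcertmgr's own certificate, key and chain checks still decide whether the certificate is accepted.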

  8. #8
    rosol (Intermediate Member)

    I've created a new self-signed cert and Zimbra works fine.
    OK, can someone help me install a commercial cert on Zimbra?

    Thx.

  9. #9
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by rosol:
    XXXXX ERROR: failed to create jetty.pkcs12
    No certificate matches private key

    What does it mean? How to fix it?

    There are several threads that cover this issue, do any of them help?
    Regards


    Bill



  10. #10
    rosol (Intermediate Member)

    Thank you for the reply.
    This thread worked fine for me:
    [SOLVED] Certificate problem with 6.0.5

    Again, thank you for the good advice.
