| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | 
06-14-2010, 03:14 AM
| | |  Can't generate CSR for SSL cert
I'm trying to generate a CSR to renew the SSL cert for our Zimbra mailserver. We're currently using 6.0.6_GA_2330.UBUNTU6_64.NETWORK.
When I go to Certificates -> Install Certificate -> click on the name of the mailserver -> Generate CSR -> Fill in the information about the mailserver, it does say that the CSR already exists. I dont want to replace the current CSR, so I click Next and then click Download the CSR. A new window pops up, with a 404 error: Am I doing something wrong? I have never replaced a SSL cert on a mailserver but I guess this is the way it should be done. Please let me know how I can generate the CSR for our SSL cert. Thanks! |
06-14-2010, 06:15 AM
| | |
Quote:
Originally Posted by floor  I'm trying to generate a CSR to renew the SSL cert for our Zimbra mailserver. We're currently using 6.0.6_GA_2330.UBUNTU6_64.NETWORK.
When I go to Certificates -> Install Certificate -> click on the name of the mailserver -> Generate CSR -> Fill in the information about the mailserver, it does say that the CSR already exists. I dont want to replace the current CSR, so I click Next and then click Download the CSR. A new window pops up, with a 404 error: Am I doing something wrong? I have never replaced a SSL cert on a mailserver but I guess this is the way it should be done. Please let me know how I can generate the CSR for our SSL cert. Thanks! | We have seen this before; there seems to be a bug in the Admin Console.
You can ssh into the Zimbra server and get the CSR manually either via rsync or by just cat'ing the file to the terminal screen.
The csr file should be located at Code: /opt/zimbra/ssl/zimbra/commercial/commercial.csr. So, from the terminal screen you could run: Code: malbec:/opt/zimbra/ssl/zimbra/commercial # cat commercial.csr
-----BEGIN CERTIFICATE REQUEST-----
<snip>
-----END CERTIFICATE REQUEST-----
malbec:/opt/zimbra/ssl/zimbra/commercial # Copy and paste the output into the GoDaddy screen and you should be all set.
Hope that helps,
Mark
__________________
___________________________________ L. Mark Stone, CIO  "Uptime. All the time."
477 Congress Street | Portland, ME 04101-3431 | (207) 772-5678
proactive maintenance and monitoring | technology consulting
Zimbra groupware | EMR implementations | private cloud hosting
|
06-14-2010, 06:31 AM
| | |
Thanks, I have copied the CSR from the terminal  |
06-14-2010, 06:38 AM
| | |
Glad that worked for you.
Most of the time we have no problem deploying the SSL cert from the Admin Console (just use the SSL cert itself, the GoDaddy Root and gd_bundle certs), but just in case I'd be prepared to do the deployment from the CLI as well -- just in case!
All the best,
Mark
__________________
___________________________________ L. Mark Stone, CIO "Uptime. All the time."
477 Congress Street | Portland, ME 04101-3431 | (207) 772-5678
proactive maintenance and monitoring | technology consulting
Zimbra groupware | EMR implementations | private cloud hosting
|
06-21-2010, 01:36 AM
| | |
Allright, I've downloaded the certificate I created with the CSR. This is a commercial certificate from Comodo. I received two files:
*.ca-bundle
*.crt
Apparently I'm still missing some files, the CRT file is the certificate for the server but Zimbra also asks for a Root CA and a Intermediate CA. I can't find these files at Comodo's website, how do I get these files? Do I have to create them on the server with these files or something? I cant really find anything about this on the wiki. There is an article about comodo SSL certs with zimbra version 5, but we're running 6.06 on the server. |
06-21-2010, 01:43 AM
| | |
Oh snap, those files are located at Comodo's support center downloads. I got the root/intermediate cert files, but it still doesn't work. When I'm trying to install the files I get this:
Your certificate was not installed due to the error : system failure: IOException while handling uploaded certificate |
06-21-2010, 08:31 AM
| | |
We need to see the commandline you ran that generated that error please in order to help!
Mark
__________________
___________________________________ L. Mark Stone, CIO "Uptime. All the time."
477 Congress Street | Portland, ME 04101-3431 | (207) 772-5678
proactive maintenance and monitoring | technology consulting
Zimbra groupware | EMR implementations | private cloud hosting
|
06-21-2010, 10:21 PM
| | |
Well actually I used the admin console to install the certificate. But from what I read in other discussions on the internet, I am supposed to use the servername.ca-bundle file to install the certificate. When I try to upload those files (the cert and the ca-bundle) I get the error in the admin console.
By the way, thanks for your quick replies |
06-24-2010, 10:45 PM
| | |
I followed a tutorial for installing a GoDaddy certificate ( IT Bang Bang: Installing $12.99 GoDaddy SSL Certificate on Zimbra versions 5 and 6 ), with the Comodo root certificate. When I try to upload I get this error, it might give a bit more information about what's going wrong:
Message: Your certificate was not installed due to the error : system failure: IOException while handling uploaded certificate Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: IOException while handling uploaded certificate | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
