Results 1 to 9 of 9

Thread: Can't generate CSR for SSL cert

  1. #1
    floor is offline Member
    Join Date
    Mar 2010
    Posts
    12
    Rep Power
    5

    Default Can't generate CSR for SSL cert

    I'm trying to generate a CSR to renew the SSL cert for our Zimbra mailserver. We're currently using 6.0.6_GA_2330.UBUNTU6_64.NETWORK.

    When I go to Certificates -> Install Certificate -> click on the name of the mailserver -> Generate CSR -> Fill in the information about the mailserver, it does say that the CSR already exists. I dont want to replace the current CSR, so I click Next and then click Download the CSR. A new window pops up, with a 404 error:

    Code:
    File not found
    
    Firefox can't find the file at https://ourmailserver.company.tld:ad...?action=getCSR.
    
        *   Check the file name for capitalization or other typing errors.
    
        *   Check to see if the file was moved, renamed or deleted.
    Am I doing something wrong? I have never replaced a SSL cert on a mailserver but I guess this is the way it should be done. Please let me know how I can generate the CSR for our SSL cert. Thanks!

  2. #2
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    Quote Originally Posted by floor View Post
    I'm trying to generate a CSR to renew the SSL cert for our Zimbra mailserver. We're currently using 6.0.6_GA_2330.UBUNTU6_64.NETWORK.

    When I go to Certificates -> Install Certificate -> click on the name of the mailserver -> Generate CSR -> Fill in the information about the mailserver, it does say that the CSR already exists. I dont want to replace the current CSR, so I click Next and then click Download the CSR. A new window pops up, with a 404 error:

    Code:
    File not found
    
    Firefox can't find the file at https://ourmailserver.company.tld:ad...?action=getCSR.
    
        *   Check the file name for capitalization or other typing errors.
    
        *   Check to see if the file was moved, renamed or deleted.
    Am I doing something wrong? I have never replaced a SSL cert on a mailserver but I guess this is the way it should be done. Please let me know how I can generate the CSR for our SSL cert. Thanks!
    We have seen this before; there seems to be a bug in the Admin Console.

    You can ssh into the Zimbra server and get the CSR manually either via rsync or by just cat'ing the file to the terminal screen.

    The csr file should be located at

    Code:
    /opt/zimbra/ssl/zimbra/commercial/commercial.csr.
    So, from the terminal screen you could run:

    Code:
    malbec:/opt/zimbra/ssl/zimbra/commercial # cat commercial.csr 
    -----BEGIN CERTIFICATE REQUEST-----
    <snip>
    -----END CERTIFICATE REQUEST-----
    malbec:/opt/zimbra/ssl/zimbra/commercial #
    Copy and paste the output into the GoDaddy screen and you should be all set.

    Hope that helps,
    Mark

  3. #3
    floor is offline Member
    Join Date
    Mar 2010
    Posts
    12
    Rep Power
    5

    Default

    Thanks, I have copied the CSR from the terminal

  4. #4
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    Glad that worked for you.

    Most of the time we have no problem deploying the SSL cert from the Admin Console (just use the SSL cert itself, the GoDaddy Root and gd_bundle certs), but just in case I'd be prepared to do the deployment from the CLI as well -- just in case!

    All the best,
    Mark

  5. #5
    floor is offline Member
    Join Date
    Mar 2010
    Posts
    12
    Rep Power
    5

    Default

    Allright, I've downloaded the certificate I created with the CSR. This is a commercial certificate from Comodo. I received two files:

    *.ca-bundle
    *.crt

    Apparently I'm still missing some files, the CRT file is the certificate for the server but Zimbra also asks for a Root CA and a Intermediate CA. I can't find these files at Comodo's website, how do I get these files? Do I have to create them on the server with these files or something? I cant really find anything about this on the wiki. There is an article about comodo SSL certs with zimbra version 5, but we're running 6.06 on the server.

  6. #6
    floor is offline Member
    Join Date
    Mar 2010
    Posts
    12
    Rep Power
    5

    Default

    Oh snap, those files are located at Comodo's support center downloads. I got the root/intermediate cert files, but it still doesn't work. When I'm trying to install the files I get this:

    Your certificate was not installed due to the error : system failure: IOException while handling uploaded certificate

  7. #7
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,367
    Rep Power
    10

    Default

    We need to see the commandline you ran that generated that error please in order to help!

    Mark

  8. #8
    floor is offline Member
    Join Date
    Mar 2010
    Posts
    12
    Rep Power
    5

    Default

    Well actually I used the admin console to install the certificate. But from what I read in other discussions on the internet, I am supposed to use the servername.ca-bundle file to install the certificate. When I try to upload those files (the cert and the ca-bundle) I get the error in the admin console.

    By the way, thanks for your quick replies

  9. #9
    floor is offline Member
    Join Date
    Mar 2010
    Posts
    12
    Rep Power
    5

    Default

    I followed a tutorial for installing a GoDaddy certificate ( IT Bang Bang: Installing $12.99 GoDaddy SSL Certificate on Zimbra versions 5 and 6 ), with the Comodo root certificate. When I try to upload I get this error, it might give a bit more information about what's going wrong:

    Message: Your certificate was not installed due to the error : system failure: IOException while handling uploaded certificate Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: IOException while handling uploaded certificate

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 13
    Last Post: 12-18-2012, 05:07 PM
  2. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  3. [SOLVED] Unable to generate commercial CSR
    By patrick.herrington in forum Administrators
    Replies: 7
    Last Post: 12-24-2009, 02:54 AM
  4. Fresh install of NE still cant generate CSR
    By sel5150 in forum Installation
    Replies: 2
    Last Post: 08-13-2009, 05:30 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •