Can't generate CSR for SSL cert

[floor]

I'm trying to generate a CSR to renew the SSL cert for our Zimbra mailserver. We're currently using 6.0.6_GA_2330.UBUNTU6_64.NETWORK.

When I go to Certificates -> Install Certificate -> click on the name of the mailserver -> Generate CSR -> Fill in the information about the mailserver, it does say that the CSR already exists. I dont want to replace the current CSR, so I click Next and then click Download the CSR. A new window pops up, with a 404 error:

Code:

File not found

Firefox can't find the file at https://ourmailserver.company.tld:ad...?action=getCSR.

    *   Check the file name for capitalization or other typing errors.

    *   Check to see if the file was moved, renamed or deleted.

Am I doing something wrong? I have never replaced a SSL cert on a mailserver but I guess this is the way it should be done. Please let me know how I can generate the CSR for our SSL cert. Thanks!

[LMStone]

I'm trying to generate a CSR to renew the SSL cert for our Zimbra mailserver. We're currently using 6.0.6_GA_2330.UBUNTU6_64.NETWORK.

When I go to Certificates -> Install Certificate -> click on the name of the mailserver -> Generate CSR -> Fill in the information about the mailserver, it does say that the CSR already exists. I dont want to replace the current CSR, so I click Next and then click Download the CSR. A new window pops up, with a 404 error:

Code:

File not found

Firefox can't find the file at https://ourmailserver.company.tld:ad...?action=getCSR.

    *   Check the file name for capitalization or other typing errors.

    *   Check to see if the file was moved, renamed or deleted.

Am I doing something wrong? I have never replaced a SSL cert on a mailserver but I guess this is the way it should be done. Please let me know how I can generate the CSR for our SSL cert. Thanks!

We have seen this before; there seems to be a bug in the Admin Console.

You can ssh into the Zimbra server and get the CSR manually either via rsync or by just cat'ing the file to the terminal screen.

The csr file should be located at

Code:

/opt/zimbra/ssl/zimbra/commercial/commercial.csr.

So, from the terminal screen you could run:

Code:

malbec:/opt/zimbra/ssl/zimbra/commercial # cat commercial.csr 
-----BEGIN CERTIFICATE REQUEST-----
<snip>
-----END CERTIFICATE REQUEST-----
malbec:/opt/zimbra/ssl/zimbra/commercial #

Copy and paste the output into the GoDaddy screen and you should be all set.

Hope that helps,
Mark

[floor]

Thanks, I have copied the CSR from the terminal

[LMStone]

Glad that worked for you.

Most of the time we have no problem deploying the SSL cert from the Admin Console (just use the SSL cert itself, the GoDaddy Root and gd_bundle certs), but just in case I'd be prepared to do the deployment from the CLI as well -- just in case!

All the best,
Mark

[floor]

Allright, I've downloaded the certificate I created with the CSR. This is a commercial certificate from Comodo. I received two files:

*.ca-bundle
*.crt

Apparently I'm still missing some files, the CRT file is the certificate for the server but Zimbra also asks for a Root CA and a Intermediate CA. I can't find these files at Comodo's website, how do I get these files? Do I have to create them on the server with these files or something? I cant really find anything about this on the wiki. There is an article about comodo SSL certs with zimbra version 5, but we're running 6.06 on the server.

[floor]

Oh snap, those files are located at Comodo's support center downloads. I got the root/intermediate cert files, but it still doesn't work. When I'm trying to install the files I get this:

Your certificate was not installed due to the error : system failure: IOException while handling uploaded certificate

[LMStone]

We need to see the commandline you ran that generated that error please in order to help!

Mark

[floor]

Well actually I used the admin console to install the certificate. But from what I read in other discussions on the internet, I am supposed to use the servername.ca-bundle file to install the certificate. When I try to upload those files (the cert and the ca-bundle) I get the error in the admin console.

By the way, thanks for your quick replies

[floor]

I followed a tutorial for installing a GoDaddy certificate ( IT Bang Bang: Installing $12.99 GoDaddy SSL Certificate on Zimbra versions 5 and 6 ), with the Comodo root certificate. When I try to upload I get this error, it might give a bit more information about what's going wrong:

Message: Your certificate was not installed due to the error : system failure: IOException while handling uploaded certificate Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: IOException while handling uploaded certificate