Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: [SOLVED] Installing GoDaddy SSL Cert in Zimbra 6.0.7

  1. #1
    tbarhorst is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    18
    Rep Power
    5

    Question [SOLVED] Installing GoDaddy SSL Cert in Zimbra 6.0.7

    I generated a CSR request from within the Zimbra admin GUI and have downloaded a Zip file from GoDaddy that contains gd_bundle, gd_cross_intermediate, gd_intermediate and xxx.domain.com

    I am trying to install in the admin GUI but it's not clear which files to install where.

    I am asked for files for these three locations. Certificate: Root CA: and Intermediate CA:

    Can anyone provide assistance as to what I need to plugin and where?


  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,506
    Rep Power
    57

    Default

    Try some of the solutions in these threads: site:zimbra.com +godaddy +solved - Yahoo! Search Results
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    UMDjwain is offline Trained Alumni
    Join Date
    Nov 2008
    Location
    Ann Arbor, MI
    Posts
    46
    Rep Power
    6

    Default

    Easiest way- forget the GUI.

    All you need from GD is gd_bundle. Make sure the keyfile you want to go with the cert is copied to /opt/zimbra/ssl/zimbra/commercial as commercial.key, then run (as root):

    /opt/zimbra/bin/zmcertmgr deploycrt comm <mycertfile> <gd_bundle>

  4. #4
    tbarhorst is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    18
    Rep Power
    5

    Default

    O.K. but how do I determine the correct keyfile? i.e. <mycertfile>
    And do I use the Tomcat or Apache files from GD?

    Thanks!

  5. #5
    UMDjwain is offline Trained Alumni
    Join Date
    Nov 2008
    Location
    Ann Arbor, MI
    Posts
    46
    Rep Power
    6

    Default

    the keyfile goes along with the csr request- so if you generated a commercial csr from zimbra, the commercial.key should already be in the right place for you.

    You shouldn't need to worry about the tomcat/apache services.

  6. #6
    tbarhorst is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    18
    Rep Power
    5

    Default

    Well it appears that key isn't valid. How did that happen?

    /opt/zimbra/bin/zmcertmgr deploycrt comm /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt
    ** Verifying /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    XXXXX ERROR: Unmatching certificate (/usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    XXXXX ERROR: provided cert isn't valid.

  7. #7
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default

    Did you pull the TOMCAT, or Apache?

    I had problems with the Apache key when I last update my GD cert, but the Tomcat one went in ok via the CLI interface.

  8. #8
    tbarhorst is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    18
    Rep Power
    5

    Default

    I've tried them both with the same result.

  9. #9
    UMDjwain is offline Trained Alumni
    Join Date
    Nov 2008
    Location
    Ann Arbor, MI
    Posts
    46
    Rep Power
    6

    Default

    Quote Originally Posted by tbarhorst View Post
    Well it appears that key isn't valid. How did that happen?

    /opt/zimbra/bin/zmcertmgr deploycrt comm /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt
    ** Verifying /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    XXXXX ERROR: Unmatching certificate (/usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    XXXXX ERROR: provided cert isn't valid.
    You should be verifying your certificate against the commercial key, not godaddy's bundle. The zmcertmgr command line needs both your cert and godaddy's to work- zmcertmgr deploycrt comm <mycert> <godaddycert>

  10. #10
    tbarhorst is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    18
    Rep Power
    5

    Default

    Still get the same error.. I'm not at all sure where to go from here.


    /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.key against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    unable to load certificate
    17798:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:650:Expecting: TRUSTED CERTIFICATE
    XXXXX ERROR: Unmatching certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.key) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    XXXXX ERROR: provided cert isn't valid.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 08-18-2011, 10:15 PM
  2. [SOLVED] parts_decode_ext error
    By jsabater in forum Administrators
    Replies: 7
    Last Post: 10-13-2008, 07:24 AM
  3. Zimbra spam system
    By rajahd in forum Administrators
    Replies: 9
    Last Post: 04-16-2008, 07:25 PM
  4. Can't start Zimbra!
    By zibra in forum Administrators
    Replies: 5
    Last Post: 03-22-2007, 11:34 AM
  5. Replies: 8
    Last Post: 02-27-2007, 04:10 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •