[SOLVED] Installing GoDaddy SSL Cert in Zimbra 6.0.7

[tbarhorst]

I generated a CSR request from within the Zimbra admin GUI and have downloaded a Zip file from GoDaddy that contains gd_bundle, gd_cross_intermediate, gd_intermediate and xxx.domain.com

I am trying to install in the admin GUI but it's not clear which files to install where.

I am asked for files for these three locations. Certificate: Root CA: and Intermediate CA:

Can anyone provide assistance as to what I need to plugin and where?

[phoenix]

Try some of the solutions in these threads: site:zimbra.com +godaddy +solved - Yahoo! Search Results

[UMDjwain]

Easiest way- forget the GUI.

All you need from GD is gd_bundle. Make sure the keyfile you want to go with the cert is copied to /opt/zimbra/ssl/zimbra/commercial as commercial.key, then run (as root):

/opt/zimbra/bin/zmcertmgr deploycrt comm <mycertfile> <gd_bundle>

[tbarhorst]

O.K. but how do I determine the correct keyfile? i.e. <mycertfile>
And do I use the Tomcat or Apache files from GD?

Thanks!

[UMDjwain]

the keyfile goes along with the csr request- so if you generated a commercial csr from zimbra, the commercial.key should already be in the right place for you.

You shouldn't need to worry about the tomcat/apache services.

[tbarhorst]

Well it appears that key isn't valid. How did that happen?

/opt/zimbra/bin/zmcertmgr deploycrt comm /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt
** Verifying /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.

[jrefl5]

Did you pull the TOMCAT, or Apache?

I had problems with the Apache key when I last update my GD cert, but the Tomcat one went in ok via the CLI interface.

[tbarhorst]

I've tried them both with the same result.

[UMDjwain]

Quote:

Originally Posted by tbarhorst

Well it appears that key isn't valid. How did that happen?

/opt/zimbra/bin/zmcertmgr deploycrt comm /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt
** Verifying /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.

You should be verifying your certificate against the commercial key, not godaddy's bundle. The zmcertmgr command line needs both your cert and godaddy's to work- zmcertmgr deploycrt comm <mycert> <godaddycert>

[tbarhorst]

Still get the same error.. I'm not at all sure where to go from here.


/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /usr/local/src/CERTIFICATE_GODADDY/gd_bundle.crt
** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.key against /opt/zimbra/ssl/zimbra/commercial/commercial.key
unable to load certificate
17798:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:650:Expecting: TRUSTED CERTIFICATE
XXXXX ERROR: Unmatching certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.key) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.