Thread: [SOLVED] Network Solutions Certs - certs do not verify

  1. #1
    tribear is offline Senior Member
    Join Date
    Oct 2009
    Location
    North Carolina, USA
    Posts
    58
    Rep Power
    5

    [SOLVED] Network Solutions Certs - certs do not verify

    Folks, I tried to install my Network Solutions Certs with mixed results.

    =============

    I rechecked the certs and ran into this error:
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Error loading file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    31878:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:749:
    31878:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:280:

    It is suggested that I add new lines in two of the certs, the "AddTrustExternalCARoot.crt" and "NetworkSolutions_CA.crt" files _only_.

    What is the best way to make that change? Simply hit return at the end of the file or some other code?

    I tried this one other time and must have done something wrong.

    Suggestions Please.

    Tribear
    Last edited by tribear; 07-06-2010 at 04:59 PM.

  2. #2
    tribear is offline Senior Member

    No Responses

    Hello out there...I guess I am alone on this one...no responses from anyone?

    -- It is disappointing that this software is so difficult to work with on such important matters such as security. Installing certificates from various vendors should be very easy to do. You always seem to have to do some CL magic to get things working. Even then it's hit or miss - no clear documentation anywhere.

    I have used VM products for years and they all work..... I hope VM can clean up this product so many of us - with start up companies will feel confident in the software when it's time to expand and that includes buying Zimbra vs Lotus Notes or others who do a better job.

    If I do not get any responses today I will kill off this thread.

    Tribear
    Last edited by tribear; 07-07-2010 at 08:28 AM. Reason: Wording Errors

  3. #3
    tribear is offline Senior Member

    Finding some answers and experimenting.

    Ok...

    Found some answers that helped.
    So far the CAT of certs >> commercial_CA.crt worked out with lines added to certs 1 & 2.
    After running the verify on comm certs got the messages I needed to deploy. After running deploy all ran OK until the end.
    Creating the pkcs12 file is still an issue.

    I need some help on this one... any ideas from anyone would be helpful.

    Tribear

    [root@mail1 commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm

    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
    [root@mail1 commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt

    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK

    ** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: `commercial.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are the same file

    ** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: `commercial_ca.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are the same file

    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

    XXXXX ERROR: failed to create jetty.pkcs12
    No certificate matches private key
     

  4. #4
    bdial is offline Moderator
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    10

  5. #5
    tribear is offline Senior Member

    Ok... After discovering that my commercial.crt also needs a CR at the end of the file so the deploy command can properly append the commercial_ca.crt - I reran the verify and deploy commands. Looks good!? - don't be fooled.


    On restart the logger gets upset. See below.

    bdial - got any other ideas?

    [root@mail1 commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
    [root@mail1 commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    ** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: `commercial.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are the same file
    ** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: `commercial_ca.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are the same file
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    ------------------------------------------------------------
    [zimbra@mail1 root]$ zmcontrol start
    Host mail1.xxxxxxxxxxx.com
    Starting ldap...Done.

    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Failed.

    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
    zimbra logger service is not enabled! failed.
     
    Starting mailbox...Done.
    Starting memcached...Done.
    Starting imapproxy...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.
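
A PEM file with no final newline, once concatenated, leaves its END marker fused to the next BEGIN marker, which is the condition the newline fixes in posts #1 and #5 address. The following is an added example, not code from the posters or from Zimbra; the function names, file names and certificate bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example: join PEM files safely and detect fused END/BEGIN boundaries.
# File names and certificate bodies below are constructed placeholders.

# True when FILE is non-empty and its last byte is a newline.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Count lines where an END marker runs straight into the next BEGIN marker,
# which is what plain `cat a.crt b.crt` yields when a.crt lacks a final newline.
fused_boundaries() {
    grep -c -e '-----END CERTIFICATE----------BEGIN CERTIFICATE-----' "$1" || true
}

# Count certificates a line-based PEM reader can find (BEGIN at start of line).
count_certs() {
    grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# join_pem OUT FILE...: concatenate, dropping CRs and adding a missing final newline.
join_pem() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        tr -d '\r' < "$f" >> "$out"
        ends_with_newline "$f" || printf '\n' >> "$out"
    done
}

# Demo on constructed input: first.crt has no trailing newline.
demo_dir=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'U0FNUExF' \
    '-----END CERTIFICATE-----' > "$demo_dir/first.crt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'U0FNUExF' \
    '-----END CERTIFICATE-----' > "$demo_dir/second.crt"
cat "$demo_dir/first.crt" "$demo_dir/second.crt" > "$demo_dir/naive_ca.crt"
join_pem "$demo_dir/safe_ca.crt" "$demo_dir/first.crt" "$demo_dir/second.crt"
echo "naive: fused=$(fused_boundaries "$demo_dir/naive_ca.crt")" \
     "certs=$(count_certs "$demo_dir/naive_ca.crt")"
echo "safe:  fused=$(fused_boundaries "$demo_dir/safe_ca.crt")" \
     "certs=$(count_certs "$demo_dir/safe_ca.crt")"
```

Running the two counting functions on a chain file before deploying it shows whether a boundary is fused without opening the file in an editor.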

  6. #6
    bdial is offline Moderator

    try the solution in this thread

    [SOLVED] GoDaddy + ZCS 6 = FAIL

  7. #7
    alam is offline Intermediate Member
    Join Date
    Jun 2007
    Posts
    15
    Rep Power
    7


    Hi, I'm not sure if I should start a new thread or reply to this one, but I'm having a similar issue with my Network Solutions cert. I'm trying to renew my SSL cert. Everything looked like it validated correctly. I download the .crt files and proceed to install it. When I run

    /opt/zimbra/bin/zmcertmgr verifycrt comm


    I get

    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    XXXXX ERROR: Unmatching certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.


    I'm not sure why it's happening. Everything seems correct. I tried it several times. I successfully did this two years ago so I'm just following the same steps. It's based on these instructions: Installing a Network Solutions Certificate on ZCS 5.0.x - Zimbra :: Wiki

    Any help is appreciated. I'm stumped at this point. Thank you very much!

  8. #8
    tribear is offline Senior Member

    Well... after all this messing around... I got tired of the certificate issues and asked Network Solutions to reissue mine.

    I will start back at this when they arrive.... tune in later... to be continued.

    Tribear

  9. #9
    tribear is offline Senior Member

    Network Solutions Certs Verify and Install - Now Zimbra will not start - Need help!

    I am back.....Network Solutions sent me some new certificates and I started back from where I left off. I tried the usual steps posted here and gave up. I said, Hmmmm let's retry the Admin Web UI?
    I finally got the certificates to install from the Admin Web UI while on the actual server's console.
    I had to rub my eyes to believe it. I chose my MAIL1.xxxxxx.crt , AddTrustExternalCARoot.crt, intermediate crts: - NetworkSolutions_CA.crt and UTNAddTrustServer_CA.crt. Hit Enter and closed my eyes.

    Checking the /opt/zimbra/ssl/zimbra/commercial/ directory I could see how each file was automatically renamed with the commercial prefix and you see the commercial.crt, commercial_ca.crt are there. I will paste them into a reader later to see how they were CAT'd together and share that with you.

    Using /opt/zimbra/bin/zmcertmgr viewdeployedcrt I verified the certs are installed.
    Next Step - the big one - zmcontrol stop and start. Cross the fingers here.

    Failures occur with LDAP and Logger - here's the complaint:
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
    zimbra logger service is not enabled! failed.

    Now I am searching how to fix this - my server is down.... flat dead.

    Help would be appreciated - Tribear

  10. #10
    bdial is offline Moderator

    Did you read the GoDaddy thread I posted where the guy is getting the exact same error you are?
