Results 1 to 2 of 2

Thread: [SOLVED] Deploy new commercial certificate

  1. #1
    CrypTom is offline Project Contributor
    Join Date
    Aug 2006
    Posts
    33
    Rep Power
    8

    Angry [SOLVED] Deploy new commercial certificate

    Hi all

    I'm running Zimbra OpenSource Edition 6.0.7 and my commercially signed certificate is about to expire in 2 days. I ordered a new certificate, this time a wildcard certificate as we also have other servers using ssl in the same domain.

    I copied the private key file (commercial.key) to the appropriate location /opt/zimbra/ssl/zimbra/commercial, changed the owner to zimbra.zimbra and made sure, the permissions are -rw-------. The certificate and the root certificate including the chain are located in /root/certs/commercial.crt and /root/certs/commercial_ca.crt respectively. I followed the following howto:
    Preexisting Certifcate Installation for Zimbra 6.0 - Zimbra :: Wiki

    Then, the command
    Code:
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial.key commercial.crt commercial_ca.crt
    runs all ok.

    But the following command fails:
    Code:
    root@hermes:~/certs# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt 
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    ** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...failed.
    XXXXX ERROR: failed to import certficate.
    
    Keytool-Fehler: java.lang.Exception: Eingabe kein X.509-Zertifikat

    I cannot even reinstall the still valid certificate I was using until now! The same error appears.

    I was able to install a self-signed cert using the following howto:
    Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    If I restart trying to install the commercial cert it fails as above.

    What can I do to successfully install the commercial cert? I'm not willing to use the self-signed cert as my 150+ users will get error messages...

    Any help would be very much appreciated, thanks!
    CrypTom

  2. #2
    CrypTom is offline Project Contributor
    Join Date
    Aug 2006
    Posts
    33
    Rep Power
    8

    Arrow Cert-File Format

    I was able to solve the problem.

    My new cert file (including the CA's root cert file) looked as follows:
    Code:
    subject=/CN=*.ourdomain.ch/Email=support@ourdomain.ch
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    I had to delete the "subject=..." line before
    "-----BEGIN CERTIFICATE-----". So it seems that the "-----BEGIN CERTIFICATE-----" line absolutely has to be the file's first line!

    So I wondered why my old (still valid) certificate could not be deployed and I inspected it crt file. I found that there was an empty line before the "-----BEGIN CERTIFICATE-----" line.

    Which means that the certificate management behavior changed from Zimbra version 6.0.6 to 6.0.7, because I was able to install the old cert with Zimbra 6.0.6, but not with 6.0.7.

    As a consequence, check the certificate's file format carefully, there should be nothing before "-----BEGIN CERTIFICATE-----", but one empty line after "-----END CERTIFICATE-----".

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. [SOLVED] Installing commercial certificate issue
    By rosol in forum Administrators
    Replies: 10
    Last Post: 05-16-2010, 12:15 PM
  3. Problem with Commercial Certificate in 5.0.9 GA
    By bibo in forum Administrators
    Replies: 3
    Last Post: 09-17-2008, 06:03 AM
  4. [SOLVED] Commercial Certificate issue - thawte - again
    By galezer in forum Administrators
    Replies: 7
    Last Post: 06-26-2008, 02:07 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •