Sorry- Your right. I thought there was a something else (which isn't there anymore) in there.
Did you try to convert your certificate and key files to a combined PKCS12 format certificate?
LinkBack URL
About LinkBacks
Former Zimbran
Sorry- Your right. I thought there was a something else (which isn't there anymore) in there.
Did you try to convert your certificate and key files to a combined PKCS12 format certificate?
Junior Member
Yes, I converted the PEM certficiate + key to PKCS12 format. I received no errors when doing so. The following command shows the correct certificate details :
<code>openssl pkcs12 -in cert.pkcs12</code>
So I don't believe the PKCS12 version of the cert is corrupted or broken.
Junior Member
At wit's end, I finally decided to give try Keytool IUI Plus, as mentioned in this comment:
http://www.zimbra.com/forums/adminis...html#post53252
The process was not at all intuitive, but I have finally produced a keystore file which tomcat accepts. I can access my Zimbra installation via https on tcp 443 and 7071; I don't get browser warnings about the certificate; and displaying the certificate details from within my browser shows that it is using the cert we bought.
Here's how I did it with Keytool IUI. This is likely incomplete, as I wasn't diligently taking notes since I didn't actually expect it to work.
* convert the certificate + key into PKCS12 format, using "zimbra" as the export password (openssl -inkey cert.key -in cert.pem -export -out cert.p12)
* start Keytool IUI ( ./run_ktl_plus.sh )
* Create Keystore -- use "zimbra" as the password
* Import Private key from other keystore
** select PKCS12 as the format, and open cert.p12 (the PKCS12 version of the certificate)
** use "zimbra" as the source keystore password
** select the keystore file you created above, and leave the format at JKS
** use "zimbra" as the target keystore password
* select the certificate, and click OK
* use "tomcat" as the alias for the private key
* use "zimbra" as the password
* click OK
* view the keystore, and confirm that the "tomcat" alias was created
* Back up /opt/zimbra/tomcat/conf/keystore
* stop tomcat
* Install the keystore you just created to /opt/zimbra/tomcat/conf/keystore
* start tomcat
* confirm you can access https://example.com:7071 and https://example.com/
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
