Results 1 to 4 of 4

Thread: [SOLVED] Problem with commercial certificate

  1. #1
    ppaixao's Avatar
    ppaixao is offline Intermediate Member
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    15
    Rep Power
    6

    Default [SOLVED] Problem with commercial certificate

    Hello, I've been trying to install a commercial certificate I've just purchased and am having trouble due to the ca certificate chain.

    The CA has given me my certificate and one file representing the certificate chain. I tried to install it through the web admin console but it gives one error:
    Code:
    invalid request: missing required attribute: server Código de erro: service.INVALID_REQUEST Method: GetCertRequest Detalhes:soap:Sender
    I googled it and seems like many people can't install it using the admin console so I just went with the command line alternative.

    Code:
    [root@mail 20101116]# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key xxxxxxx.crt ca.crt
    ** Verifying xxxxxxx.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (xxxxxxx.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: xxxxxxx.crt: OK
    No problems validating it.... however when I try to install it:

    Code:
    [root@mail 20101116]# /opt/zimbra/bin/zmcertmgr deploycrt comm xxxxxxx.crt ca.crt    ** Verifying xxxxxxx.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (xxxxxxx.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: xxxxxxx.crt: OK
    ** Copying xxxxxxx.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
    ** NOTE: mailboxd must be restarted in order to use the imported certificate.
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.
    
    XXXXX ERROR: failed to create jetty.pkcs12
    No certificate matches private key
    However.. I found where the command fails, read the log and it states:

    Code:
    [root@mail 20101116]# cat /tmp/zmcertmgr.F31510
    No certificate matches private key
    And, when I try to import the certificate without the ca certificate chain it just...works.... :

    Code:
    [root@mail 20101116]# /opt/zimbra/bin/zmcertmgr deploycrt comm xxxxxxx.crt
    ** Verifying xxxxxxx.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (xxxxxxx.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: xxxxxxx.crt: OK
    ** Copying xxxxxxx.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    However this doesn't make my certificate valid because the chain doesn't gets installed.... any help will be appreciated

    Thank you

    PS: Using ZCS 6.0.8 with Patch 2685 applied.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,566
    Rep Power
    57

    Default

    You should update your forum profile with the correct version information from the command:

    Code:
    zmcontrol -v
    Have you tried some of the solutions in the forums: site:zimbra.com +"No certificate matches private key" +solved - Yahoo! Search Results It would also help, when posting certificate problems, if you mention which type or Certificate you're trying to install.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    ppaixao's Avatar
    ppaixao is offline Intermediate Member
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    15
    Rep Power
    6

    Default

    Profile updated.

    Thanks

  4. #4
    demenskan is offline Starter Member
    Join Date
    Apr 2012
    Posts
    1
    Rep Power
    3

    Default

    I had the same problem, and what it worked was mixing the intermediate CA's file as long as the origin's root CA file (in my case: verisign) with the CAT command (cat intermediate.crt root.crt > ca.crt) and using the result file as the CA's certificate.


    cheers!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Certificate problem with SMTP using TLS
    By yuit in forum Installation
    Replies: 4
    Last Post: 11-02-2006, 06:03 PM
  3. Certificate problem following 3.1.0 -> 4.0 upgrade
    By simonellistonball in forum Migration
    Replies: 5
    Last Post: 09-26-2006, 01:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •