Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-16-2010, 02:31 AM
Member
 
Posts: 12
Default [SOLVED] Problem with commercial certificate

Hello, I've been trying to install a commercial certificate I've just purchased and am having trouble due to the ca certificate chain.

The CA has given me my certificate and one file representing the certificate chain. I tried to install it through the web admin console but it gives one error:
Code:
invalid request: missing required attribute: server Código de erro: service.INVALID_REQUEST Method: GetCertRequest Detalhes:soap:Sender
I googled it and seems like many people can't install it using the admin console so I just went with the command line alternative.

Code:
[root@mail 20101116]# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key xxxxxxx.crt ca.crt
** Verifying xxxxxxx.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (xxxxxxx.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: xxxxxxx.crt: OK
No problems validating it.... however when I try to install it:

Code:
[root@mail 20101116]# /opt/zimbra/bin/zmcertmgr deploycrt comm xxxxxxx.crt ca.crt    ** Verifying xxxxxxx.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (xxxxxxx.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: xxxxxxx.crt: OK
** Copying xxxxxxx.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

XXXXX ERROR: failed to create jetty.pkcs12
No certificate matches private key
However.. I found where the command fails, read the log and it states:

Code:
[root@mail 20101116]# cat /tmp/zmcertmgr.F31510
No certificate matches private key
And, when I try to import the certificate without the ca certificate chain it just...works.... :

Code:
[root@mail 20101116]# /opt/zimbra/bin/zmcertmgr deploycrt comm xxxxxxx.crt
** Verifying xxxxxxx.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (xxxxxxx.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: xxxxxxx.crt: OK
** Copying xxxxxxx.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
However this doesn't make my certificate valid because the chain doesn't gets installed.... any help will be appreciated

Thank you

PS: Using ZCS 6.0.8 with Patch 2685 applied.
Reply With Quote
  #2 (permalink)  
Old 11-16-2010, 04:06 AM
Zimbra Consultant & Moderator
 
Posts: 20,313
Default

You should update your forum profile with the correct version information from the command:

Code:
zmcontrol -v
Have you tried some of the solutions in the forums: site:zimbra.com +"No certificate matches private key" +solved - Yahoo! Search Results It would also help, when posting certificate problems, if you mention which type or Certificate you're trying to install.
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 11-16-2010, 04:07 AM
Member
 
Posts: 12
Default

Profile updated.

Thanks
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com




 

SEO by vBSEO ©2011, Crawlability, Inc.