We have received Commercial certificate from Thawte which is SGC SuperCert
for Zimbra which is on Tomcat.
(Release 6.0.9_GA_2686.RHEL5_64_20101115224141 RHEL5_64 NETWORK edition)
What we have received from Thawte is X-509 and PKCS 7 format certificates which are in .txt format.
When we try installing the same in Admin GUI and through zmcertmgr deploy commands, the certificate verification/ installation fails.
The error is;
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/ca1.crt ** Verifying /tmp/ca1.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key unable to load Private Key 8729:error:0906D06C:PEM routines:PEM_read_bio:no start line
em_lib.c:650:Expecting: ANY PRIVATE KEY unable to load certificate 8732:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316: 8732:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_CINF 8732:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509 8732:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib
em_oth.c:83: Certificate (/tmp/ca1.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match. Error loading file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
Can some one please advice,
The CSR was generated from Zimbra Admin GUI for *.domain.com (Wild card Domain), and the received certificate was for mail.domain.com.
What is the correct procedure to generate the CSR, get Thawte Commercial certificate and install the same.
Tried the methods described in forums also and these have failed.
Bugzilla
Wiki
Source
Unable to Install Thawte SGC SuperCert Commercial Certificate 
Linear Mode
