[SOLVED] export certificate to zimbra

**diegolcf** · 02-20-2011, 05:10 PM

hi folks,

i already read tutorials about import certificates to zimbra in wiki, but i don't get import the certificates from my external openldap server, that authenticate zimbra users , so when i check the option to use ssl, a series of warms shows in the debug box, alert me that certificate is not valid...

i configured my certicates and CA as follow, using openssl:

#generate CA
$ /usr/lib/ssl/misc/CA.pl -newca

#generate certificates
$ /usr/lib/ssl/misc/CA.pl -newreq

# so i have the private key (newkey.pem), and the public key (newreq.pem)

#i sign the certificate
$ /usr/lib/ssl/misc/CA.pl -sign

# this generate a sign public key called newcert.pem

# now i remove the password from private key
$ openssl rsa -in newkey.pem -out newkey.nopass.pem

# In final i have this files
newcert.pem newkey.nopass.pem newkey.pem newreq.pem

# and my ca is called cacert.pem

in slapd.conf i set TLSVerifyClient as never...

so folks, how can i solve this problem ?

ps. sorry about my english

**diegolcf** · 02-21-2011, 12:13 PM

i use this command to import certificate
/opt/zimbra/java/bin/keytool -import -file cacert.pem -keystore /opt/zimbra/java/jre/lib/security/cacerts -alias <alias>

and shows this message
keytool error: java.lang.Exception: Input not an X.509 certificate

**diegolcf** · 02-22-2011, 05:32 PM

it's quite simple to solve this problem....

1) first convert a CA certificate to DER format
$openssl x509 -in cacert.pem -inform PEM -out cacert.der -outform DER

2) then, make a import
$ /opt/zimbra/java/bin/keytool -import -file cacert.der -keystore /opt/zimbra/java/jre/lib/security/cacerts -alias <alias>

ps. forum administrator, please, help-me to change the title of this post, the correct is import zimbra certificate, not export certificate

**maumar** · 04-18-2011, 02:54 AM

can be used this for comercial certs?
i am having trouble to import a commercial rapid ssl cert, the error is the same:

Code:

/opt/zimbra/log/scripts/rapid-ssl ]# /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/log/scripts/rapid-ssl/commercial.crt /opt/zimbra/log/scripts/rapid-ssl/commercial_ca.crt 
** Verifying /opt/zimbra/log/scripts/rapid-ssl/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/log/scripts/rapid-ssl/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /opt/zimbra/log/scripts/rapid-ssl/commercial.crt: OK
** Copying /opt/zimbra/log/scripts/rapid-ssl/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /opt/zimbra/log/scripts/rapid-ssl/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...failed.
XXXXX ERROR: failed to import certficate.

Errore keytool: java.lang.Exception: L'input non è un certificato X.509

the commercial rapid was one with 1024 bits, and is expired just yesterday

**maumar** · 04-18-2011, 02:56 AM

Originally Posted by diegolcf

$ /opt/zimbra/java/bin/keytool -import -file cacert.der -keystore /opt/zimbra/java/jre/lib/security/cacerts -alias <alias>

what should be used as alias?
what do you used?

tia

**maumar** · 04-18-2011, 03:21 AM

there was a 0a as first char of commercial_ca.crt, glub ;(

Zimbra

Thread: [SOLVED] export certificate to zimbra

LinkBack

Thread Tools

Search Thread

Display

[SOLVED] export certificate to zimbra

Thread Information

Users Browsing this Thread

Similar Threads

Big Fubar on 5 FOSS GA Upgrade

Cleanup after many upgrades

zmtlsctl give LDAP error

dspam logrotate errors

huge log size

Posting Permissions