Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page ERROR: Unmatching certificate for Geotrust cert - can't install certtificate

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 04-07-2011, 10:27 PM
Active Member
  
Posts: 42
Default ERROR: Unmatching certificate for Geotrust cert - can't install certtificate
Hi,

I just tried to install my new Geo Trust certificate from RapidSSL in my Zimbra 5.0.2 server and I got the following error:

Code:
Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair. Error code: ZaCertWizard.prototype.installCallback...
So I went through some of the zimbra wikis and forum to get a few ideas, I copied the new certificate into the same directory that the new private key is located in (above dir), and ran as root the following command while in that dir to verify that the certificate and key matched and got the below:

Code:
 /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key current.crt
** Verifying current.crt against commercial.key
unable to load certificate
31316:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
XXXXX ERROR: Unmatching certificate (current.crt) and private key (commercial.key) pair.
I generated the CSR via Zimbra certificate wizard in admin and submitted it to Geo Trust, originally it would not generate a 2048 certificate so I followed this thread: SSL with a 2048 bit Cert and this wiki: Installing a GeoTrust Commercial Certificate - Zimbra :: Wiki for advice and edited the following file: opt/zimbra/bin/zmcertmgr and I replaced 1024 with 2048 anywhere in the file – I think 1024 was only in two places in the script.

After doing that and saving the changes to the file, Zimbra did generate the 2048 CSR AOK and I was finally able to get my Geo Trust cert after being rejected earlier when submitting the 1024 CSR, so I thought all my problems were solved until I tried to install the cert via Zimbra admin.

I checked the time stamps on both the CSR and the private key and they both were the most current dates – so I know (at least I hope so) that these are the correct CSR and key and cert, so I don't really know what is going wrong here with the new cert - never have this problem when I install certs via CLI and generate CSR's for other domains not associated with Zimbra.

Can anyone please give me a hint as to what to try next?

Thanks very much.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.