Domain certifiate import error

**solignis** · 06-20-2011, 06:35 PM

Hi there I have done a bit of searching on the forums and cannot seem to find an answer to my issue.

I am trying to add an SSL cert to a domain in Zimbra. The SSL cert I am using is generated with OpenSSL using a GUI called XCA.

I login into the Zimbra Admin Control Panel, click on the domain and click on the Certificate tab.

Then I export out the CA and the Cert and combine them into a chain with Notepad++ and then copy the whole thing into the left side of the admin control panel when it says to add the certificate.

Then I export the Certificate private key and paste it into the right side of the admin control panel.

When I hit save I get a box saying "Private Key is necessary", the odd thing is if I click on the text box that contains the cert and then it hit save again the error changes to "Invalid Certificate of Private Key".

What is going on? I am pretty sure I am doing everything right. Any insight to this would be greatly appreciated.

Thanks.

**jummo** · 06-21-2011, 12:36 AM

Have you read "Installing a SSL Certificate for a Domain" (Page 83) of the Zimbra OS Admin Guide 7.1?

You must setup Zimbra Proxy to support per domain ssl certificates.

**solignis** · 06-21-2011, 07:06 AM

Originally Posted by jummo

Have you read "Installing a SSL Certificate for a Domain" (Page 83) of the Zimbra OS Admin Guide 7.1?

You must setup Zimbra Proxy to support per domain ssl certificates.

I have read it now. The only question I have now is if I can use the same virtual IP address for each domain? Or does it have to be a true unique address?

**Update**

I installed Zimbra proxy and followed the section on "Installing a SSL Certificate for a Domain".

My zmprov command looked like this

Code:

zmprov md solignis.com +zimbraVirtualHostName mail.solignis.com +zimbraVirtualIPAddress 10.0.0.18

The IP Address of the server on my LAN is 10.0.0.18.

I then attemped to install the cert the same as before using the Admin Control Panel. It is still giving me the same error.

Invalid certificate or private key.

I even generated a new CA, cert and key just to be sure it was not something with the SSL cert.

**jummo** · 06-21-2011, 08:16 AM

Originally Posted by solignis

I have read it now. The only question I have now is if I can use the same virtual IP address for each domain? Or does it have to be a true unique address?

Apache 2.2.12 can use the Server Name Indication feature. I think Zimbra can't handle this, because it isn't mention in the documentation. Maybe a RFE is available (Zimbra Bugzilla).

**solignis** · 06-21-2011, 08:30 AM

Ok so I have to use a unique address?

**jummo** · 06-22-2011, 02:32 AM

Yes, for each certificate you will need a unique IP address.

**solignis** · 06-22-2011, 10:12 AM

Originally Posted by jummo

Yes, for each certificate you will need a unique IP address.

That is what ended up doing. It seems my problem is with the cert themselves. I tried taking the cert bundle and the private key and running them through zmcermgr -verifycrt and it returned

Code:

error 20 at 0 depth lookup:unable to get local issuer certificate

So something I am doing when creating the certs is breaking it.

Zimbra

Thread: Domain certifiate import error

LinkBack

Thread Tools

Search Thread

Display

Domain certifiate import error

Thread Information

Users Browsing this Thread

Similar Threads

[SOLVED] Zimbra 7 nach Upgrade: Database Integrity check report

[SOLVED] I broke my server trying to optimize... HELP!

[SOLVED] Database errors found after migration to 7.0.0

[SOLVED] New zcs 7 install : database errors founds

Zimbra fails after working for 2 weeks

Posting Permissions