Results 1 to 7 of 7

Thread: Domain certifiate import error

  1. #1
    solignis is offline Member
    Join Date
    Jun 2011
    Location
    Cuyahoga Falls
    Posts
    11
    Rep Power
    3

    Default Domain certifiate import error

    Hi there I have done a bit of searching on the forums and cannot seem to find an answer to my issue.

    I am trying to add an SSL cert to a domain in Zimbra. The SSL cert I am using is generated with OpenSSL using a GUI called XCA.

    I login into the Zimbra Admin Control Panel, click on the domain and click on the Certificate tab.

    Then I export out the CA and the Cert and combine them into a chain with Notepad++ and then copy the whole thing into the left side of the admin control panel when it says to add the certificate.

    Then I export the Certificate private key and paste it into the right side of the admin control panel.

    When I hit save I get a box saying "Private Key is necessary", the odd thing is if I click on the text box that contains the cert and then it hit save again the error changes to "Invalid Certificate of Private Key".

    What is going on? I am pretty sure I am doing everything right. Any insight to this would be greatly appreciated.

    Thanks.

  2. #2
    jummo is offline Special Member
    Join Date
    May 2009
    Location
    Bremen, Germany
    Posts
    122
    Rep Power
    5

    Default

    Have you read "Installing a SSL Certificate for a Domain" (Page 83) of the Zimbra OS Admin Guide 7.1?

    You must setup Zimbra Proxy to support per domain ssl certificates.

  3. #3
    solignis is offline Member
    Join Date
    Jun 2011
    Location
    Cuyahoga Falls
    Posts
    11
    Rep Power
    3

    Default

    Quote Originally Posted by jummo View Post
    Have you read "Installing a SSL Certificate for a Domain" (Page 83) of the Zimbra OS Admin Guide 7.1?

    You must setup Zimbra Proxy to support per domain ssl certificates.
    I have read it now. The only question I have now is if I can use the same virtual IP address for each domain? Or does it have to be a true unique address?

    **Update**

    I installed Zimbra proxy and followed the section on "Installing a SSL Certificate for a Domain".

    My zmprov command looked like this
    Code:
    zmprov md solignis.com +zimbraVirtualHostName mail.solignis.com +zimbraVirtualIPAddress 10.0.0.18
    The IP Address of the server on my LAN is 10.0.0.18.

    I then attemped to install the cert the same as before using the Admin Control Panel. It is still giving me the same error.

    Invalid certificate or private key.

    I even generated a new CA, cert and key just to be sure it was not something with the SSL cert.
    Last edited by solignis; 06-21-2011 at 08:09 AM.

  4. #4
    jummo is offline Special Member
    Join Date
    May 2009
    Location
    Bremen, Germany
    Posts
    122
    Rep Power
    5

    Default

    Quote Originally Posted by solignis View Post
    I have read it now. The only question I have now is if I can use the same virtual IP address for each domain? Or does it have to be a true unique address?
    Apache 2.2.12 can use the Server Name Indication feature. I think Zimbra can't handle this, because it isn't mention in the documentation. Maybe a RFE is available (Zimbra Bugzilla).

  5. #5
    solignis is offline Member
    Join Date
    Jun 2011
    Location
    Cuyahoga Falls
    Posts
    11
    Rep Power
    3

    Default

    Ok so I have to use a unique address?

  6. #6
    jummo is offline Special Member
    Join Date
    May 2009
    Location
    Bremen, Germany
    Posts
    122
    Rep Power
    5

    Default

    Yes, for each certificate you will need a unique IP address.

  7. #7
    solignis is offline Member
    Join Date
    Jun 2011
    Location
    Cuyahoga Falls
    Posts
    11
    Rep Power
    3

    Default

    Quote Originally Posted by jummo View Post
    Yes, for each certificate you will need a unique IP address.
    That is what ended up doing. It seems my problem is with the cert themselves. I tried taking the cert bundle and the private key and running them through zmcermgr -verifycrt and it returned
    Code:
    error 20 at 0 depth lookup:unable to get local issuer certificate
    So something I am doing when creating the certs is breaking it.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 05-11-2012, 02:16 PM
  2. [SOLVED] I broke my server trying to optimize... HELP!
    By myriad in forum Administrators
    Replies: 9
    Last Post: 09-17-2011, 06:46 AM
  3. Replies: 6
    Last Post: 03-14-2011, 04:21 AM
  4. [SOLVED] New zcs 7 install : database errors founds
    By dkbk in forum Administrators
    Replies: 4
    Last Post: 03-01-2011, 06:49 AM
  5. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •