Domain certifiate import error

[solignis]

Hi there I have done a bit of searching on the forums and cannot seem to find an answer to my issue.

I am trying to add an SSL cert to a domain in Zimbra. The SSL cert I am using is generated with OpenSSL using a GUI called XCA.

I login into the Zimbra Admin Control Panel, click on the domain and click on the Certificate tab.

Then I export out the CA and the Cert and combine them into a chain with Notepad++ and then copy the whole thing into the left side of the admin control panel when it says to add the certificate.

Then I export the Certificate private key and paste it into the right side of the admin control panel.

When I hit save I get a box saying "Private Key is necessary", the odd thing is if I click on the text box that contains the cert and then it hit save again the error changes to "Invalid Certificate of Private Key".

What is going on? I am pretty sure I am doing everything right. Any insight to this would be greatly appreciated.

Thanks.

[jummo]

Have you read "Installing a SSL Certificate for a Domain" (Page 83) of the Zimbra OS Admin Guide 7.1?

You must setup Zimbra Proxy to support per domain ssl certificates.

[solignis]

Quote:

Originally Posted by jummo

Have you read "Installing a SSL Certificate for a Domain" (Page 83) of the Zimbra OS Admin Guide 7.1?

You must setup Zimbra Proxy to support per domain ssl certificates.

I have read it now. The only question I have now is if I can use the same virtual IP address for each domain? Or does it have to be a true unique address?

**Update**

I installed Zimbra proxy and followed the section on "Installing a SSL Certificate for a Domain".

My zmprov command looked like this

Code:

zmprov md solignis.com +zimbraVirtualHostName mail.solignis.com +zimbraVirtualIPAddress 10.0.0.18

The IP Address of the server on my LAN is 10.0.0.18.

I then attemped to install the cert the same as before using the Admin Control Panel. It is still giving me the same error.

Invalid certificate or private key.

I even generated a new CA, cert and key just to be sure it was not something with the SSL cert.

[jummo]

Quote:

Originally Posted by solignis

I have read it now. The only question I have now is if I can use the same virtual IP address for each domain? Or does it have to be a true unique address?

Apache 2.2.12 can use the Server Name Indication feature. I think Zimbra can't handle this, because it isn't mention in the documentation. Maybe a RFE is available (Zimbra Bugzilla).

[solignis]

Ok so I have to use a unique address?

[jummo]

Yes, for each certificate you will need a unique IP address.

[solignis]

Quote:

Originally Posted by jummo

Yes, for each certificate you will need a unique IP address.

That is what ended up doing. It seems my problem is with the cert themselves. I tried taking the cert bundle and the private key and running them through zmcermgr -verifycrt and it returned

Code:

error 20 at 0 depth lookup:unable to get local issuer certificate

So something I am doing when creating the certs is breaking it.