Invalid SSL Certificate

#1
08-17-2011, 11:57 AM
Loyal Member
Posts: 76

I'm throwing in the towel and asking for help on this one.

I bought an SSL certificate from Network Solutions. They have provided me with 4 files:

AddTrustExternalCARoot.crt
server.crt
NetworkSolutions_CA.crt
UTNAddTrustServer_CA.crt

I attempted to load them via the admin console but was met with
Code:
Your certificate was not installed to the error: system failure: IOException while handling uploaded certificate
Through about a dozen different forum threads, here's where I am:

I did:
Code:
cat AddTrustExternalCARoot.crt NetworkSolutions_CA.crt UTNAddTrustServer_CA.crt >> ca_bundle.crt
Code:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /root/certs/server.crt
** Verifying /root/certs/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/root/certs/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /root/certs/server.crt: OK
Then, when I do:
Code:
/opt/zimbra/bin/zmcertmgr deploycrt comm /root/certs/server.crt /root/certs/ca_bundle.crt
** Verifying /root/certs/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/root/certs/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Error loading file /root/certs/ca_bundle.crt
47558887958896:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:795:
47558887958896:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:280:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
recognized usages:
   sslclient    SSL client
   sslserver    SSL server
   nssslserver  Netscape SSL server
   smimesign    S/MIME signing
   smimeencrypt S/MIME encryption
   crlsign      CRL signing
   any          Any Purpose
   ocsphelper   OCSP helper
   timestampsign        Time Stamp signing
XXXXX ERROR: Invalid Certificate:
XXXXX ERROR: provided cert isn't valid.
As you can probably tell by now, I've never dealt with certificates before so I'm definitely on the losing end here.

Along with threads, I've been following "Administration Console and CLI Certificate Tools" (Zimbra :: Wiki) and this is where I am now stuck.

#2
08-17-2011, 12:12 PM
Moderator
Posts: 1,554

did you make sure all your crt files have proper newlines at the end? if not it will mess them up when it concatenates them

#3
08-17-2011, 12:42 PM
Loyal Member
Posts: 76

Nope. Do I need a blank line between the entries or just have each entry on its own line?

#4
08-17-2011, 12:45 PM
Moderator
Posts: 1,554

just make sure at the end of the ssl certificate where you have the line


-----END CERTIFICATE-----

that there is a new line at the end of that. if you open it in a text editor you should be able to scroll down to the next line. if you can't, go to the end of that line and hit enter. if you don't, then when it concatenates the certificates you'll wind up with a line that looks like


-----END CERTIFICATE----------BEGIN CERTIFICATE-----
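
The failure described in the post above, as an added example that is not part of the original thread: a plain `cat` of PEM files that lack a final newline fuses the END and BEGIN markers, while a bundling function that supplies the missing newline does not. The function names (`count_fused_markers`, `ends_with_newline`, `build_ca_bundle`, `make_samples`) and the `.pem` output names are hypothetical, and the certificate bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example, not from the thread. File contents below are constructed.

# Count lines where an END marker runs into a following BEGIN marker,
# the condition OpenSSL reports as "PEM_read_bio:bad end line".
count_fused_markers() {
    grep -c -e '-----END CERTIFICATE-----.*-----BEGIN CERTIFICATE-----' "$1" || true
}

# True if the file is empty or its last byte is a newline.
ends_with_newline() {
    [ ! -s "$1" ] || [ -z "$(tail -c 1 "$1")" ]
}

# build_ca_bundle OUT IN...: concatenate PEM files, supplying any missing
# final newline. Writes a temp file and renames it, so a re-run replaces
# the bundle instead of appending to it.
build_ca_bundle() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp"
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; rm -f "$tmp"; return 1; }
        cat "$f" >> "$tmp"
        ends_with_newline "$f" || printf '\n' >> "$tmp"
    done
    begins=$(grep -c -x -e '-----BEGIN CERTIFICATE-----' "$tmp" || true)
    ends=$(grep -c -x -e '-----END CERTIFICATE-----' "$tmp" || true)
    fused=$(count_fused_markers "$tmp")
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ] || [ "$fused" -ne 0 ]; then
        echo "bad bundle: $begins BEGIN, $ends END, $fused fused lines" >&2
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$out"
}

# Constructed inputs: placeholder bodies (not real certificates), each
# written without a trailing newline, under the file names from the post.
make_samples() {
    for n in AddTrustExternalCARoot NetworkSolutions_CA UTNAddTrustServer_CA; do
        printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----' > "$1/$n.crt"
    done
}

d=$(mktemp -d) && make_samples "$d"
cat "$d"/*.crt > "$d/naive.pem"          # plain cat, as in the first post
build_ca_bundle "$d/ca_bundle.pem" "$d"/*.crt
echo "plain cat: $(count_fused_markers "$d/naive.pem") fused marker lines"
echo "build_ca_bundle: $(count_fused_markers "$d/ca_bundle.pem") fused marker lines"
rm -rf "$d"
```

Files saved with Windows (CRLF) line endings fail the exact-line marker check and are rejected rather than bundled.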

#5
08-18-2011, 05:56 AM
Loyal Member
Posts: 76

Quote:
Originally Posted by bdial
just make sure at the end of the ssl certificate where you have the line


-----END CERTIFICATE-----

that there is a new line at the end of that. if you open it in a text editor you should be able to scroll down to the next line. if you can't, go to the end of that line and hit enter. if you don't, then when it concatenates the certificates you'll wind up with a line that looks like


-----END CERTIFICATE----------BEGIN CERTIFICATE-----
Thank you, that got me further, but now I get:

Code:
XXXXX ERROR: failed to create jetty.pkcs12

#6
08-18-2011, 07:55 AM
Loyal Member
Posts: 76

Ok, I got it by following the instructions here: "Can't install ca_cert certificates"

Now, when a user connects via a client such as Outlook with SSL enabled, it still gives them a certificate error and they have to click Yes to continue. I thought that is the point of the SSL certificate, so that those security warnings don't come up.

#7
08-18-2011, 02:52 PM
Member
Posts: 10

I was having all kinds of problems with netsol cert as well. I gave up and use digicert.