Results 1 to 3 of 3

Thread: ZCS 6 and Thawte 2048 bit certs

  1. #1
    jwhitaker is offline Intermediate Member
    Join Date
    Jul 2009
    Location
    Lexington, KY
    Posts
    18
    Rep Power
    5

    Default ZCS 6 and Thawte 2048 bit certs

    We use Thawte for SSL certs and recently had to renew. Certs with a 2048 bit key are now required, and we had to follow something along the lines of this post to get it done:

    New GeoTrust SSL certificates and Android users

    where we used the newer root CA cert from Thawte and the two intermediates bundled, all in the commercial_ca.crt file - this was the only combination that would get past the verifycrt step of the zmcertmgr tool and deploy successfully. Also we had to modify the zmcertmgr tool because 1024 key size is hardcoded.

    All seems OK, but we fail any SSL cert validation tools such as https://ssl-tools.verisign.com - it looks as if we should not be including the root CA cert in the file, but there's no other way to get it to pass the verification step.

    Has anyone else successfully deployed a 2048 bit Thawte cert that passes
    an SSL checker? Thanks.

  2. #2
    iway is offline Partner (VAR/HSP)
    Join Date
    May 2008
    Posts
    432
    Rep Power
    6

    Default

    We have exactly the same problem. It works, but all verification tools complain about the root cert.
    Mobile devices seem to accept the cert, but Windows Mobile needs to import the new cert into the device. Some Android phones also complain about the cert, as do some proxy servers.

    Any suggestions anyone?

  3. #3
    jwhitaker is offline Intermediate Member
    Join Date
    Jul 2009
    Location
    Lexington, KY
    Posts
    18
    Rep Power
    5

    Default

    I opened a ticket with Zimbra support and they basically told me that it appears to be working as designed as far as they are concerned and that we should talk to Thawte about it. I may try to engage them and see what they say, but my guess is that it is going to come down to finger pointing at the tooling that deploys the certs.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Thawte SSL certificate problem
    By iway in forum Administrators
    Replies: 0
    Last Post: 08-09-2011, 09:14 AM
  2. Error al colocar certificado de 2048 bits
    By michaelo20 in forum Spanish
    Replies: 0
    Last Post: 07-21-2011, 02:11 PM
  3. Replies: 2
    Last Post: 01-04-2011, 07:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •