LinkBack URL
About LinkBacks
Active Member
Trouble with SSL Essential Cert install
Hi Folks
Am attempting to install a cert for my mail server. Am getting the errors in the attached screenshots. Could someone help please?
The servername is correct.
The common name on the cert is correct.
I don't choose an intermediate CA file because I have a root bundle.
Any help would be greatly appreciated.
Cheers
Chris
Active Member
Hello,
I've had a similar problem, try installing the certificate manually following this wiki post: 5.x Commercial Certificates Guide - Zimbra :: Wiki
Good Luck,
Paul.
Active Member
Hi Paul
You think this will still work for the 7.2 release? Do you have any idea what that error message is actually saying is wrong?
Cheers
Chris
Active Member
Seriously no idea what's wrong. I followed the guide and everything worked properly.
I run this:
I had the CSR generated by zimbra so the private key and CSR of the certficate were located at /opt/zimbra/ssl/zimbra/commercial under the names: commercial.csr and commercial.key. Make sure that the CA bundle contains the CA certificate in this formatzmcertmgr deploycrt /tmp/server.crt /tmp/ca_bundle.crt
if it's like this fix it:-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCz AJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW 9UcnVzdCBHbG9i
Also check that you are running under root user and that you have the ca_certificates package installed.-----BEGIN CERTIFICATE----- MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCz AJBgNVBAYTAlVT MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW 9UcnVzdCBHbG9i
After you installed the certificate you need to enable ssl from zimbra user:
both for http and httpssu zimbra
zmtlsctl both
http for http only
https for https only
mixed for https only at login
redirect https only but redirect if you try to go to http
Good Luck.
Active Member
hi Paul
Sorry to keep coming back - I can't get the zmcertmgr command to work. If I CD to the /opt/zimbra.bin folder as Zimbra user then issue the command I get "must be run as root" but if I su - root and issue the command I get "command not found".
I feel DUMB at this point....
Cheers
Chris
Active Member
Try doing:
sudo bash
cd /opt/zimbra/bin
Active Member
Hi Paul
I get:
bash: zmcertmgr: command not found
I read somewhere that one cannot use the manual option anymore on the latest version. Do you think this could be the cause of this issue?
Cheers
Chris
Active Member
You need to run it like this: ./zmcertmgr parameters
Active Member
Hi Paul
OK - now I get an error which sounds as though the CA bundle needs to be installed first? Here's the result of the command...
** Verifying /root/Downloads/zmail_xxxxx_co_uk/zmail_xxxxx_co_uk.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/root/Downloads/zmail_xxxxx_co_uk/zmail_xxxxx_co_uk.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: /root/Downloads/zmail_xxxxx_co_uk/zmail_xxxxx_co_uk.crt: C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = SSL Certificates Comodo Secure SSL Certificate Authority, CN = UTN - DATACorp SGC
error 2 at 3 depth lookup:unable to get issuer certificate
XXXXX ERROR: provided cert isn't valid.
We're getting there! Thanks so much for the help with this!!
Cheers
Chris
Active Member
Ok so try chmodding 0777 the .crt files and make sure the ca_bundle.crt includes the issuer's CA certificate in the specified format as seen my previous post.
chmod 0777 /path/to/your/certificate.crt
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
