Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Trouble with SSL Essential Cert install

  1. #1
    kenwardc is offline Active Member
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    2

    Default Trouble with SSL Essential Cert install

    Hi Folks

    Am attempting to install a cert for my mail server. Am getting the errors in the attached screenshots. Could someone help please?

    The servername is correct.
    The common name on the cert is correct.

    I don't choose an intermediate CA file because I have a root bundle.

    Any help would be greatly appreciated.

    Cheers
    Chris
    Attached Images Attached Images

  2. #2
    Paul Csiki is offline Active Member
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    2

    Default

    Hello,

    I've had a similar problem, try installing the certificate manually following this wiki post: 5.x Commercial Certificates Guide - Zimbra :: Wiki

    Good Luck,
    Paul.

  3. #3
    kenwardc is offline Active Member
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    2

    Default

    Hi Paul

    You think this will still work for the 7.2 release? Do you have any idea what that error message is actually saying is wrong?

    Cheers
    Chris

  4. #4
    Paul Csiki is offline Active Member
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    2

    Default

    Seriously no idea what's wrong. I followed the guide and everything worked properly.

    I run this:
    zmcertmgr deploycrt /tmp/server.crt /tmp/ca_bundle.crt
    I had the CSR generated by zimbra so the private key and CSR of the certficate were located at /opt/zimbra/ssl/zimbra/commercial under the names: commercial.csr and commercial.key. Make sure that the CA bundle contains the CA certificate in this format

    -----BEGIN CERTIFICATE-----
    MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCz AJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW 9UcnVzdCBHbG9i
    if it's like this fix it:

    -----BEGIN CERTIFICATE----- MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCz AJBgNVBAYTAlVT MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW 9UcnVzdCBHbG9i
    Also check that you are running under root user and that you have the ca_certificates package installed.

    After you installed the certificate you need to enable ssl from zimbra user:

    su zimbra
    zmtlsctl both
    both for http and https
    http for http only
    https for https only
    mixed for https only at login
    redirect https only but redirect if you try to go to http

    Good Luck.

  5. #5
    kenwardc is offline Active Member
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    2

    Default

    hi Paul

    Sorry to keep coming back - I can't get the zmcertmgr command to work. If I CD to the /opt/zimbra.bin folder as Zimbra user then issue the command I get "must be run as root" but if I su - root and issue the command I get "command not found".

    I feel DUMB at this point....

    Cheers
    Chris

  6. #6
    Paul Csiki is offline Active Member
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    2

    Default

    Try doing:

    sudo bash
    cd /opt/zimbra/bin

  7. #7
    kenwardc is offline Active Member
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    2

    Default

    Hi Paul

    I get:
    bash: zmcertmgr: command not found

    I read somewhere that one cannot use the manual option anymore on the latest version. Do you think this could be the cause of this issue?

    Cheers
    Chris

  8. #8
    Paul Csiki is offline Active Member
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    2

    Default

    You need to run it like this: ./zmcertmgr parameters

  9. #9
    kenwardc is offline Active Member
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    2

    Default

    Hi Paul

    OK - now I get an error which sounds as though the CA bundle needs to be installed first? Here's the result of the command...

    ** Verifying /root/Downloads/zmail_xxxxx_co_uk/zmail_xxxxx_co_uk.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/root/Downloads/zmail_xxxxx_co_uk/zmail_xxxxx_co_uk.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    XXXXX ERROR: Invalid Certificate: /root/Downloads/zmail_xxxxx_co_uk/zmail_xxxxx_co_uk.crt: C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = SSL Certificates Comodo Secure SSL Certificate Authority, CN = UTN - DATACorp SGC
    error 2 at 3 depth lookup:unable to get issuer certificate
    XXXXX ERROR: provided cert isn't valid.

    We're getting there! Thanks so much for the help with this!!

    Cheers
    Chris

  10. #10
    Paul Csiki is offline Active Member
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    2

    Default

    Ok so try chmodding 0777 the .crt files and make sure the ca_bundle.crt includes the issuer's CA certificate in the specified format as seen my previous post.

    chmod 0777 /path/to/your/certificate.crt

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ZD untrusted Verisign SSL cert
    By JaymeH in forum General Questions
    Replies: 10
    Last Post: 01-12-2012, 06:39 AM
  2. geotrust ssl cert install problem
    By alto in forum Administrators
    Replies: 0
    Last Post: 06-03-2011, 01:10 AM
  3. SSL cert install fails (ver 6)
    By mahalito in forum Administrators
    Replies: 1
    Last Post: 12-17-2010, 08:28 AM
  4. Replies: 23
    Last Post: 05-06-2008, 02:24 PM
  5. Replies: 2
    Last Post: 03-25-2007, 09:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •