Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Installation
Reload this Page Commercial Cert for Zimbra Web

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 07-17-2007, 09:13 AM
Member
  
Posts: 12
Default Commercial Cert for Zimbra Web
All right, as per the instructions here:
Commercial Certificates - ZimbraWiki

I have acquired a Commercial Cert and have been trying to install it using the same instructions. When I was shipped the cert, I received MAIL.SERVER.COM.crt and MAIL.SERVER.COM.der files. On my first try, I used the crt and got the following error:
[zimbra@tegu ssl]$ keytool -import -alias tomcat -keystore /opt/zimbra/ssl/ssl/commercial.keystore -trustcacerts -file MAIL.SERVER.COM.crt -storepass zimbra
keytool error: java.lang.Exception: Failed to establish chain from reply

After this, I shrugged off the error and completed step C. I got a certificate installed, but it wasn't showing as having been signed by any CA and did not resolve the self-signed cert issue.

So I repeated this process with the .der file and got this message:
[zimbra@tegu ssl]$ keytool -import -alias tomcat -keystore /opt/zimbra/ssl/ssl/commercial.keystore -trustcacerts -file MAIL.LINDEGROUP.COM.der -storepass zimbra
keytool error: java.lang.Exception: Failed to establish chain from reply

lo-and-behold, it's the same message! This time I did not follow through.

I don't see any reference to this problem anywhere and am a tad bit confused. Does anyone have any guidance?

My exact ZCS version is posted in the top right.

Thanks,
Mike
Last edited by mwyant; 07-17-2007 at 09:57 AM..
Reply With Quote
  #2 (permalink)  
Old 07-17-2007, 09:26 AM
Former Zimbran
  
Posts: 5,606
Default
Import all of the certs that came with your cert.
Is this godaddy?

Just give them different aliases, like tomcat2

eg
keytool -import -alias tomcat2 blah blah
Reply With Quote
  #3 (permalink)  
Old 07-17-2007, 09:53 AM
Member
  
Posts: 12
Default
Is there a specific order I should go in here?

The CA is actually NetworkSolutions

I received:
AddTrustExternalRoot.crt
MAIL.SERVER.COM.crt
MAIL.SERVER.COM.der
NetworkSolutions_CA.crt
UTNAddTrustServer_CA.crt

Thanks!
Reply With Quote
  #4 (permalink)  
Old 07-17-2007, 10:11 AM
Former Zimbran
  
Posts: 5,606
Default
Well, you have to establish a trust chain. This usually because the vendor themselves aren't "trusted" so they have to establish a relationship with a trusted vendor.

Try this order:
AddTrustExternalRoot.crt
UTNAddTrustServer_CA.crt
NetworkSolutions_CA.crt
MAIL.SERVER.COM.crt
Reply With Quote
  #5 (permalink)  
Old 07-17-2007, 10:22 AM
Member
  
Posts: 12
Default
Huh. I'm getting public key mismatch errors now. I guess I'll try and redownload these and see where that goes.

Thanks so far.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.