Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Can't install commercial ssl cert after upgrade via admin web gui.

  1. #1
    webaj is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Angry Can't install commercial ssl cert after upgrade via admin web gui.

    I upgraded to 5 today and was very happy to see a gui for installing ssl certs.

    I already have a wild card cert from digicert so I went to the wizard.

    No problems until the very end after selecting finish i get the following.

    Your certificate was not installed due to the error : system failure: XXXXX ERROR: failed to create jetty.pkcs12 Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: failed to create jetty.pkcs12 Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: failed to create jetty.pkcs12

  2. #2
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Out of curiosity, are you not in the US?

  3. #3
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    We suggest waiting until 5.0.1 is out for Commercial Cert use/installation. There are several fixes for Commercial Certs that you'll need.

  4. #4
    webaj is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Default

    Quote Originally Posted by jholder View Post
    Out of curiosity, are you not in the US?
    Out of curiosity, why do you ask?

    Anyway I am in the US.

  5. #5
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Quote Originally Posted by webaj View Post
    Out of curiosity, why do you ask?

    Anyway I am in the US.
    There was a separate issue I thought you might be hitting. Turns out that's not it.

  6. #6
    webaj is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Default

    Quote Originally Posted by jholder View Post
    We suggest waiting until 5.0.1 is out for Commercial Cert use/installation. There are several fixes for Commercial Certs that you'll need.

    I upgraded the server today and still get the following problem.

    Your certificate was not installed due to the error : system failure: XXXXX ERROR: failed to create jetty.pkcs12 Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: failed to create jetty.pkcs12 Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: failed to create jetty.pkcs12

  7. #7
    brian is offline Project Contributor
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    9

    Default

    Try installing with the command line interface and post the full error message. As zimbra

    Code:
    sudo zmcertmgr deploycrt comm  
    If your cert authority has a root ca plus intermediaries you'll need to concatenate them into one file.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  8. #8
    webaj is offline Intermediate Member
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Default

    Quote Originally Posted by brian View Post
    Try installing with the command line interface and post the full error message. As zimbra

    Code:
    sudo zmcertmgr deploycrt comm  
    If your cert authority has a root ca plus intermediaries you'll need to concatenate them into one file.

    zimbra@abby:/opt/key> sudo zmcertmgr deploycrt comm /opt/key/star_example_org.crt /opt/key/DigiCertCA.crt
    ** Verifying /opt/key/star_example_org.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    XXXXX ERROR: Unmatching certificate (/opt/key/star_example_org.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    XXXXX ERROR: provided cert isn't valid.

    or


    zimbra@abby:/opt/key> sudo zmcertmgr deploycrt comm
    ** Verifying /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: OK
    ** Copying /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_chain.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Installing Certificates from /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080114092253
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

    XXXXX ERROR: failed to create jetty.pkcs12
    No certificate matches private key

  9. #9
    jonl is offline New Member
    Join Date
    Jan 2008
    Posts
    3
    Rep Power
    7

    Default

    This is my first post so hope I am doing things correctly.

    Anyway, fwiw I am having the same problem when installing commercial certificates. I tried using the web interface and using the command line with the same results as the last poster.

    It errors the same way via the web interface when I try to create a self-signed certificate while renaming the Location, Organization, Department, etc.

    After receiving the error with the self-signed certificate and not reinstalling the original certificate the web interface will disappear after a system restart. This does not happen after the error if I try to install a commercial certificate.

  10. #10
    brian is offline Project Contributor
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    9

    Default

    Jonl:

    The current openssl policy doesn't support changing the Locale, City, ST when generating a self-signed cert. This has been fixed for 5.0.2.

    webaj:

    This means the cert you are trying to install doesn't match the private key? Did you generate the csr from the zimbra wizard? If not you'll need to install the private key from where ever you generated the csr to send to your commercial cert provider.
    Bugzilla - Wiki - Downloads - Before posting... Search!

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Failed Commercial Cert Migration
    By solarsail in forum Administrators
    Replies: 10
    Last Post: 04-23-2009, 01:03 AM
  2. SSL Cert Questions
    By playnada in forum Administrators
    Replies: 3
    Last Post: 05-06-2008, 10:22 AM
  3. Replies: 1
    Last Post: 01-11-2008, 06:36 PM
  4. Domain not showing up in admin GUI selector box
    By iain in forum Administrators
    Replies: 0
    Last Post: 01-10-2007, 09:31 AM
  5. old server name admin web gui problem.
    By demanl in forum Administrators
    Replies: 2
    Last Post: 07-26-2006, 05:11 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •