
Thread: [SOLVED] 5.0.2NE and commercial cert install

  1. #1
    tecnalb is offline Special Member

    Default [SOLVED] 5.0.2NE and commercial cert install

    I am running 5.0.2 and used the GUI tool to generate a CSR for my DigiCert wildcard certificate. I received my cert, and when I tried to install it I get this:

    Your certificate was not installed due to the error : system failure: XXXXX ERROR: failed to create jetty.pkcs12 Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: failed to create jetty.pkcs12 Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: failed to create jetty.pkcs12

  2. #2
    phoenix is online now Zimbra Consultant & Moderator

    Default

    Regards


    Bill



  3. #3
    Klug is offline Moderator

    Default

    I had the same problem setting up a cert from GoDaddy : impossible to install it through the GUI, same error ("failed to create jetty.pkcs12").

    I deleted the empty jetty.pkcs12 file on the server and installed the cert with the CLI, it worked flawlessly.
    I used this : How to manually install your commercial certificate in 5.x - Zimbra :: Wiki

  4. #4
    tecnalb is offline Special Member
    Join Date
    Sep 2007
    Location
    Lexington, KY, USA
    Posts
    110
    Rep Power
    7

    Default

    Quote: Originally Posted by phoenix
    Yes, and below is the result. One thing: I noticed that there is a 0 byte file timestamped to my attempt called pksc12 with root ownership. Located in /opt/zimbra/ssl/zimbra


    [zimbra@zagnut certs]$ sudo zmcertmgr deploycrt comm star_storeitoffsite_com.crt comb.crt
    ** Verifying star_storeitoffsite_com.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (star_storeitoffsite_com.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: star_storeitoffsite_com.crt: OK
    ** Copying star_storeitoffsite_com.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain comb.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Installing Certificates from /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080208073824
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

    XXXXX ERROR: failed to create jetty.pkcs12
    No certificate matches private key

    [zimbra@zagnut certs]$

  5. #5
    tecnalb is offline Special Member
    Join Date
    Sep 2007
    Location
    Lexington, KY, USA
    Posts
    110
    Rep Power
    7

    Default

    bump


    Anyone installed a DigiCert wildcard certificate into Zimbra 5.02? I'm having no luck...

  6. #6
    tecnalb is offline Special Member
    Join Date
    Sep 2007
    Location
    Lexington, KY, USA
    Posts
    110
    Rep Power
    7

    Default Solved

    I found the problem. While using the CLI install routine I would get the below. As you can see the private key and cert are verified correct, yet at the end it would fail.

    [root@zagnut commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/certs/star_domain_com.crt /opt/zimbra/certs/root.crt
    ** Verifying /opt/zimbra/certs/star_domain_com.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/certs/star_domain_com.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/certs/star_domain_com.crt: OK
    ** Copying /opt/zimbra/certs/star_domain_com.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /opt/zimbra/certs/root.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Installing Certificates from /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080209170438
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

    XXXXX ERROR: failed to create jetty.pkcs12
    No certificate matches private key


    I found that during this routine, the domain certificate and root certificate are combined together. The issue is (I guess) that when this happens there is a carriage return left out, which produces this:

    -----END CERTIFICATE----------BEGIN CERTIFICATE-----

    instead of this:

    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----

    What I did was edit my DigiCert star_domain_com.crt and add a return to the end. This produced the correct results and the cert installed correctly and I'm flying high!!
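
The check and fix described in the post above, as an added shell example that is not part of the original thread or of Zimbra's tooling. It assumes the bundle is built by plain concatenation of the two files, as the post describes; the function names are hypothetical and the PEM bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example: detect and repair the fused PEM boundary
# "-----END CERTIFICATE----------BEGIN CERTIFICATE-----".

# Return 0 if the file's last byte is a newline (or the file is empty).
ends_with_newline() {
    [ ! -s "$1" ] && return 0
    # Command substitution strips a trailing newline, so empty means "\n".
    [ -z "$(tail -c 1 "$1")" ]
}

# Append the missing newline in place; correct files are left untouched.
ensure_trailing_newline() {
    ends_with_newline "$1" || printf '\n' >> "$1"
}

# Print how many lines of a bundle contain an END marker fused to a BEGIN.
count_fused_boundaries() {
    grep -c -e '-----END [A-Z ]*----------BEGIN ' "$1" || true
}

# usage: build_bundle server.crt chain.crt out.crt
# Repairs both inputs, concatenates them, and fails if markers are still fused.
build_bundle() {
    ensure_trailing_newline "$1"
    ensure_trailing_newline "$2"
    cat "$1" "$2" > "$3"
    [ "$(count_fused_boundaries "$3")" -eq 0 ]
}

# Constructed demo: the server cert lacks a final newline, the chain has one.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/server.crt"
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'UExBQ0VIT0xERVI=' \
        '-----END CERTIFICATE-----' > "$d/chain.crt"
    cat "$d/server.crt" "$d/chain.crt" > "$d/naive.crt"   # plain append
    before=$(count_fused_boundaries "$d/naive.crt")
    build_bundle "$d/server.crt" "$d/chain.crt" "$d/fixed.crt"
    after=$(count_fused_boundaries "$d/fixed.crt")
    rm -rf "$d"
    echo "$before $after"   # fused boundaries before and after the repair
}

demo
```

Running `count_fused_boundaries` on the combined file before deployment catches the problem even when each certificate verifies correctly on its own.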

  7. #7
    stiller is offline Partner (VAR/HSP)

    Default

    This still happens in 6.0.7 for my RapidSSL cert and adding a return still helps.
    Snelbij | Your information at your disposal.
    https://www.snelbij.nl

  8. #8
    Sir_Yaro is offline Intermediate Member

    Default

    Same here. Anyone ?

  9. #9
    mek1 is offline Loyal Member

    Default

    For ZCS 7.1 NE admins - I had to add a carriage return to the SSL certificate otherwise we would get the above mentioned
    Code:
    system failure: XXXXX ERROR: failed to create jetty.pkcs12
    Just a heads up.

  10. #10
    adalle is offline New Member

    Default

    I'm running ZCS 7.1.1 and went round and around until I found this thread.

    Carriage return saves the day. I hope they fix this bug, particularly since LDAP fails to start with a broken certificate install. That is fixed by running "zmcertmgr deploycrt" to re-deploy the self-signed cert.
