Can someone please explain how to Concatenate the root and intermediaries files found here
How to manually install your commercial certificate in 5.x - Zimbra :: Wiki
LinkBack URL
About LinkBacks
Intermediate Member
Concatenate the root and intermediaries files?
Can someone please explain how to Concatenate the root and intermediaries files found here
How to manually install your commercial certificate in 5.x - Zimbra :: Wiki
OpenSource Builder & Moderator
try
cat file1 file2 >file3
Intermediate Member
I made the file and followed the wiki for command line install. Here is my errorOriginally Posted by dijichi2
Error loading file cont.crt
15510:error:0906D066:PEM routines:PEM_read_bio:bad end lineem_lib.c:746:
15510:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:b y_file.c:280:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_ check] [-engine e] cert1 cert2 ...
recognized usages:
sslclient SSL client
sslserver SSL server
nssslserver Netscape SSL server
smimesign S/MIME signing
smimeencrypt S/MIME encryption
crlsign CRL signing
any Any Purpose
ocsphelper OCSP helper
XXXXX ERROR: Invalid Certificate:
XXXXX ERROR: provided cert isn't valid.
Zimbra Employee
Don't concat the certs. Individual x509 hashes need to be made of each cert in the chain.
--Quanah
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Intermediate Member
How do I make x509 hashes? Why does Zimbra make this so damn hard?
Intermediate Member
Solved.
I will write directions on how to use Digicert soon.
Zimbra Employee
It isn't "Zimbra" making it hard. It's the way the SSL software (OpenSSL specifically) works.
And sorry, I misread what you were doing. You do have to initically concat them for zmcertmgr to split them apart and generate the hashes.
--Quanah
Last edited by quanah; 02-12-2008 at 09:07 AM.
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Intermediate Member
I have to disagree with that. SSL setup on many other systems is much easier. Probably due to good documentation.
I accomplished the task with 4 commands. Only 1 is in the wiki and the 3 others are spread thought the forums and required modification.
I will make a how to in case other people are using Digicert.
Moderator
webaj did you post your digicert instructions anywhere yet?
I have a *.domain.com wildcart cert as well, currently working for my webserver at www.domain.com. I copied the domain.com.crt , domain.com.key and DigiCert.crt file to the zimbra server to /opt/zimbra/ssl/zimbra/commercial/
I ran
./zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/domain.com.crt /opt/zimbra/ssl/zimbra/commercial/DigiCertCA.crt
but it complained about there being no commercial.key so i renamed my domain.com.key file to commercial.key and reran the command but now I get
** Verifying /opt/zimbra/ssl/zimbra/commercial/domain.com.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/ssl/zimbra/commercial/domain.com.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: /opt/zimbra/ssl/zimbra/commercial/domain.com.crt: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
error 2 at 1 depth lookup:unable to get issuer certificate
XXXXX ERROR: provided cert isn't valid.
I agree a bit with the complicated part. I consider myself pretty brave but a lot of the wiki's involve doing things I'm afraid I'd be unable to undo if something went wrong.
Moderator
ah, duh. i forgot to append the root cert to the bottom of digicert,crt
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
