  #1 (permalink)  
Old 02-11-2008, 06:53 AM
Intermediate Member
 
Posts: 17
Default Concatenate the root and intermediaries files?

Can someone please explain how to concatenate the root and intermediary files found here

How to manually install your commercial certificate in 5.x - Zimbra :: Wiki
Reply With Quote
  #2 (permalink)  
Old 02-11-2008, 07:23 AM
OpenSource Builder & Moderator
 
Posts: 1,166
Default

try
cat file1 file2 >file3
Reply With Quote
  #3 (permalink)  
Old 02-11-2008, 01:45 PM
Intermediate Member
 
Posts: 17
Default

Quote:
Originally Posted by dijichi2 View Post
try
cat file1 file2 >file3
I made the file and followed the wiki for command line install. Here is my error

Error loading file cont.crt
15510:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:746:
15510:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:280:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
recognized usages:
sslclient SSL client
sslserver SSL server
nssslserver Netscape SSL server
smimesign S/MIME signing
smimeencrypt S/MIME encryption
crlsign CRL signing
any Any Purpose
ocsphelper OCSP helper
XXXXX ERROR: Invalid Certificate:
XXXXX ERROR: provided cert isn't valid.
Reply With Quote
  #4 (permalink)  
Old 02-11-2008, 11:20 PM
Zimbra Employee
 
Posts: 580
Default

Quote:
Originally Posted by webaj View Post
I made the file and followed the wiki for command line install. Here is my error
Don't concat the certs. Individual x509 hashes need to be made of each cert in the chain.

--Quanah
__________________
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Reply With Quote
  #5 (permalink)  
Old 02-12-2008, 04:14 AM
Intermediate Member
 
Posts: 17
Default

Quote:
Originally Posted by quanah View Post
Don't concat the certs. Individual x509 hashes need to be made of each cert in the chain.

--Quanah
How do I make x509 hashes? Why does Zimbra make this so damn hard?
Reply With Quote
  #6 (permalink)  
Old 02-12-2008, 07:11 AM
Intermediate Member
 
Posts: 17
Default

Solved.

I will write directions on how to use Digicert soon.
Reply With Quote
  #7 (permalink)  
Old 02-12-2008, 08:08 AM
Zimbra Employee
 
Posts: 580
Default

Quote:
Originally Posted by webaj View Post
Why does Zimbra make this so damn hard?
It isn't "Zimbra" making it hard. It's the way the SSL software (OpenSSL specifically) works.

And sorry, I misread what you were doing. You do have to initially concat them for zmcertmgr to split them apart and generate the hashes.

--Quanah

Last edited by quanah; 02-12-2008 at 09:07 AM..
Reply With Quote
  #8 (permalink)  
Old 02-12-2008, 09:25 AM
Intermediate Member
 
Posts: 17
Default

Quote:
Originally Posted by quanah View Post
It isn't "Zimbra" making it hard. It's the way the SSL software (OpenSSL specifically) works.
--Quanah
I have to disagree with that. SSL setup on many other systems is much easier. Probably due to good documentation.

I accomplished the task with 4 commands. Only 1 is in the wiki and the 3 others are spread throughout the forums and required modification.

I will make a how to in case other people are using Digicert.
Reply With Quote
  #9 (permalink)  
Old 02-13-2008, 06:31 AM
Moderator
 
Posts: 1,554
Default

webaj did you post your digicert instructions anywhere yet?

I have a *.domain.com wildcard cert as well, currently working for my webserver at www.domain.com. I copied the domain.com.crt, domain.com.key and DigiCert.crt file to the zimbra server to /opt/zimbra/ssl/zimbra/commercial/

I ran
./zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/domain.com.crt /opt/zimbra/ssl/zimbra/commercial/DigiCertCA.crt

But it complained about there being no commercial.key, so I renamed my domain.com.key file to commercial.key and reran the command, but now I get

** Verifying /opt/zimbra/ssl/zimbra/commercial/domain.com.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/ssl/zimbra/commercial/domain.com.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: /opt/zimbra/ssl/zimbra/commercial/domain.com.crt: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
error 2 at 1 depth lookup:unable to get issuer certificate
XXXXX ERROR: provided cert isn't valid.

I agree a bit with the complicated part. I consider myself pretty brave but a lot of the wikis involve doing things I'm afraid I'd be unable to undo if something went wrong.
Reply With Quote
  #10 (permalink)  
Old 02-13-2008, 11:23 AM
Moderator
 
Posts: 1,554
Default

Ah, duh. I forgot to append the root cert to the bottom of digicert.crt
Reply With Quote
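
Added example (not part of any post in this thread, and not Zimbra's own tooling): a frequent cause of the `PEM_read_bio:bad end line` error shown in post #3 is a plain `cat` of an input file that has no final newline, which joins `-----END CERTIFICATE-----` and the next `-----BEGIN CERTIFICATE-----` on one line. The sketch below builds the chain file in the order given in post #10 (intermediate first, root appended) and checks for that condition; the helper names, file names and certificate bodies are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example; file names and certificate bodies are constructed placeholders.

# concat_pem OUT IN1 [IN2 ...]
# Write the inputs to OUT in order, dropping CR characters and making sure
# every input ends in a newline so marker lines are never joined.
concat_pem() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        tr -d '\r' < "$f" >> "$out"
        # $(...) strips a trailing newline, so non-empty means "no newline".
        if [ -n "$(tail -c 1 "$out")" ]; then
            printf '\n' >> "$out"
        fi
    done
}

# count_certs FILE: BEGIN markers that stand alone on their line.
count_certs() {
    grep -c -x -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# fused_lines FILE: lines holding a marker plus anything else, such as
# "-----END CERTIFICATE----------BEGIN CERTIFICATE-----".
fused_lines() {
    grep -e '-----BEGIN CERTIFICATE-----' -e '-----END CERTIFICATE-----' "$1" |
        grep -c -v -x -e '-----BEGIN CERTIFICATE-----' \
                      -e '-----END CERTIFICATE-----' || true
}

# Constructed sample: the intermediate has no final newline, the root does.
work=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'SU5URVJNRURJQVRF' \
    '-----END CERTIFICATE-----' > "$work/intermediate.crt"
printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'Uk9PVA==' \
    '-----END CERTIFICATE-----' > "$work/root.crt"

cat "$work/intermediate.crt" "$work/root.crt" > "$work/naive.crt"
concat_pem "$work/chain.crt" "$work/intermediate.crt" "$work/root.crt"

for f in naive chain; do
    echo "$f.crt: $(count_certs "$work/$f.crt") certs," \
         "$(fused_lines "$work/$f.crt") fused marker lines"
done

# With real certificates, check the chain before handing it to zmcertmgr:
#   openssl verify -CAfile chain.crt domain.com.crt
```

A chain file with a non-zero fused count needs rebuilding before it is passed as the CA file to `zmcertmgr deploycrt comm`.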