Move GeoTrust commercial certificate from 4.5.5 to 5.0.4

[powere2e]

Here's my problem. I have the certificates from GeoTrust.
I have the .csr file that i sent to them to get the .crt file. I have also the .cer file.

The problem is that i cannot install this certificate into my Zimbra server.
I have the files:
- commercial.crt
- commercial.csr
- commercial_ca.crt which contains https://www.geotrust.com/resources/r..._Authority.cer
- commercial.key and commercial.key.dec that i got from my previous installation of Zimbra (4.5.5) on which the certificate worked well.

I tried to follow many how-to to get it running, but i still get errors.

Code:

** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: /C=CN/O=mail.sh.powere2e.com/OU=GT26680211/OU=See www.geotrust.com/resources/cps (c)07/OU=Domain Control Validated - QuickSSL(R)/CN=mail.mydomain.com
error 20 at 0 depth lookup:unable to get local issuer certificate

[uxbod]

Welcome to the forums

Have you had a read of this Wiki entry ?

[berryj]

I had gotten this same error and read the doc linked to above about certificate path validation. The signs seemed to point to a problem with the ca_chain. I quadruple-check my files for the the issued cert, root cert, and intermediate cert. What I missed, and what had caused the problem, was my commercial_ca.crt file in /opt/zimbra/ssl/zimbra/commercial. Instead of copying the combined root cert for my SSL cert provider and the intermediate cert, I had in error copied the issued cert. Be sure to check the content of your files!

[sjobeck]

I have installed a few dozen cert's on a few dozen boxes, as well as in to Zimbra, and feel like I understand it pretty well, however this specific server I am on today, is giving me this same error. I copied the cert' over to another machine & it verifies fine.

I copy it to my totally up to date 10.5.8 Apple laptop & it fails to verify there too. I downloaded & redownloaded the authority's cert' & reverified it against that & it still fails. The server is centOS 5.3 x64 & brand new & up to date. I have read most all posts on this site & haven't gotten it yet. I have read a lot of posts on the openSSL mailing list as well & haven't gotten it yet. If any one has ever REALLY really wrestled with getting a Geotrust quickSSL cert' to verify on a Linux box, please chime in & I would be quite grateful. Cheers. Thanks. Peace.