Results 1 to 9 of 9

Thread: Trying to install QuickSSL certificate without any luck

  1. #1
    Priyantha Bleeker is offline Active Member
    Join Date
    Oct 2007
    Posts
    31
    Rep Power
    7

    Default Trying to install QuickSSL certificate without any luck

    Hi folks,

    I am trying to install a QuickSSL certificate on a Zimbra 5.0.5 OSS Edition installation, installed on CentOS 4.5.

    With the GUI I am getting the following error message:

    Code:
    Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=NL/O=mail.domainname.tld/OU=GT17839061/OU=See www.geotrust.com/resources/cps (c)08/OU=Domain Control Validated - QuickSSL(R)/CN=mail.domainname.tld
    When I try it on the console I get the following error:

    Code:
    sudo zmcertmgr deploycrt comm
    
    ** Verifying /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    XXXXX ERROR: Invalid Certificate: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=NL/O=mail.domainname.tld/OU=GT17839061/OU=See www.geotrust.com/resources/cps (c)08/OU=Domain Control Validated - QuickSSL(R)/CN=mail.domainname.tld
    error 20 at 0 depth lookup:unable to get local issuer certificate
    XXXXX ERROR: provided cert isn't valid.
    PS. I changed the real hostname in 'mail.domainname.tld' in the errors above here.

    I have downloaded the certificates statet here:
    SSL Certificate, SSL, Server Certificates, Web Server Certificates
    Without any luck.
    Maybe some of the zimbra dev's or somebody else with the right knowledge may help me with this case ?

    Thanks in advance

  2. #2
    Priyantha Bleeker is offline Active Member
    Join Date
    Oct 2007
    Posts
    31
    Rep Power
    7

    Default

    Somebody who may help me and maybe others with the same problems ?

  3. #3
    Priyantha Bleeker is offline Active Member
    Join Date
    Oct 2007
    Posts
    31
    Rep Power
    7

    Default

    Well, let's try it again...
    It can't be true that I am the only one with this problem, isn't it ?

  4. #4
    Join Date
    Nov 2007
    Posts
    10
    Rep Power
    7

    Default Similar problems...

    I have had the same problems in my attempts to load a commercial certificate. There are some comments on a couple of posts in the wiki about how to load the certs, and modify the zmcertmgr file. Check out this link in the wiki:

    Commercial Certificate in 5.x - Zimbra :: Wiki

    I attempted the install earlier in the week and it screwed up startup of Zimbra because of certificate failures when LDAP tried to load. I was able to correct the error by creating new certs and deploying them via the CLI.

    This Saturday I will attempt to more closely follow the wiki link, and start over. If I am successful, then I will post my notes for you. In the meantime, if you figure it out first, please post your success.

    Thanks...and goodluck.

  5. #5
    Priyantha Bleeker is offline Active Member
    Join Date
    Oct 2007
    Posts
    31
    Rep Power
    7

    Default

    Nope I didn't succeed
    I did try to follow the howto but didn't worked out.

  6. #6
    Join Date
    Nov 2007
    Posts
    10
    Rep Power
    7

    Default Same report for me...

    I did my best to follow the wiki over the weekend, and I could not get the certs to install. I don't know if this is a bug in the 5.05 that I am running or something else, but it failed on attempts to install either Verisign trial cert or FreeSSL trial cert.

    I will try to do some more research this week and let you know if I come up with a working solution.

  7. #7
    warmbowski is offline Active Member
    Join Date
    Apr 2008
    Location
    Seattle
    Posts
    37
    Rep Power
    7

    Default I get the same problem with godaddy.com

    I got the 'Invalid Certificate Chain' error as well when using the certificate wizard in the admin interface to install a commercial cert from godaddy.com. I followed the wiki instructions to no avail.

    Code:
    Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    These are the files that I tried uploading via the certificate wizard after sending the generated csr to godaddy. I had to download these files from here: https://certs.godaddy.com/Repository.go, except for the server cert which was copied and pasted from my godaddy cert account into a text file (named with extention .cer via the godaddy instructions). I was forced to do the manual downloads because our spam filter service blocked the email with the attached certificate files.

    Certificate: my_server.cer (from my account)
    Root CA: gd-class2-root.crt (from the godaddy repository)
    Intermediate CA: gd_intermediate.crt (from the godaddy repository)
    Intermediate CA: gd_cross_intermediate.crt (from the godaddy repository)

    --ZCS OSS 5.0.4 on CentOS 5--

    Any help would be appreciated.

    -Paul

  8. #8
    warmbowski is offline Active Member
    Join Date
    Apr 2008
    Location
    Seattle
    Posts
    37
    Rep Power
    7

    Default godaddy chain complete

    Well I got the godaddy cert installed without the 'invalid cert chain' error (with the help of this thread). It turns out that I WAS installing the incorrect intermediate cert thus the cert chain wasn't going back to the CA. So this is officially what I uploaded in the web interface:

    Certificate: my_server.crt (copy/paste from my account)
    Root CA: gd-class2-root.crt (from the godaddy repository)
    Intermediate CA: gd_intermediate_bundle.crt (from the godaddy repository)

    the differences being that: 1. I changed the file extension of my server cert from cer to crt, and 2. that the gd_intermediate_bundle.crt is a concantination of the gd_intermediate.crt, gd_cross_intermediate.crt, and a third cert that matches no other cert that I had come across.

    If you want, you can go to the repository, download them and compare yourselves. Anyway, hope that helps a little for the original poster and the QuickSSL problem.

  9. #9
    sjobeck is offline Active Member
    Join Date
    May 2006
    Location
    www.sjobeck.com
    Posts
    41
    Rep Power
    9

    Default

    Thx for the very good extra notes on what made goDaddy fall in to line. The quickSSL product from geoTrust does not typically use an intermediate CA though. Just a tiny clarification is all.
    Thanks very much.

    Peace. Love. Linux.

    Jason Sjobeck
    xmpp:jason@sjobeck.com
    *Asterisk Consultant To The Stars *

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Certificate fun...
    By TommyTheKid in forum Administrators
    Replies: 2
    Last Post: 02-12-2008, 05:32 PM
  3. Replies: 0
    Last Post: 01-15-2008, 01:33 PM
  4. Replies: 1
    Last Post: 11-05-2007, 06:55 PM
  5. Replies: 21
    Last Post: 09-27-2007, 11:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •