Zimbra

veronica · #1 (**permalink**) 06-26-2008, 02:37 AM

Hi All,

I am installing verisign test certificate and i am geting following errors: -

2008-06-26 11:21:05,118 INFO [btpool0-6] [ip=139.141.187.149;ua=Mozilla/4.0 (compatible;; MSIE 7.0;; Windows NT 5.1);] mailbox - FileUploadServlet received Upload: { accountId=f9ce1443-5568-42a1-8da5-6a17d8207462, time=Thu Jun 26 11:21:05 AST 2008, uploadId=2fa0606c-9561-48a2-81b9-9b2d0269f118:034bdb2b-277a-4212-9ae0-c3074b548b22, verisign_free_trial.crt}
2008-06-26 11:21:05,118 INFO [btpool0-6] [ip=139.141.187.149;ua=Mozilla/4.0 (compatible;; MSIE 7.0;; Windows NT 5.1);] mailbox - FileUploadServlet received Upload: { accountId=f9ce1443-5568-42a1-8da5-6a17d8207462, time=Thu Jun 26 11:21:05 AST 2008, uploadId=2fa0606c-9561-48a2-81b9-9b2d0269f118:d4e91cac-9139-4402-b2a3-32bc9511809e, root.ca.txt}
2008-06-26 11:21:05,118 INFO [btpool0-6] [ip=139.141.187.149;ua=Mozilla/4.0 (compatible;; MSIE 7.0;; Windows NT 5.1);] mailbox - FileUploadServlet received Upload: { accountId=f9ce1443-5568-42a1-8da5-6a17d8207462, time=Thu Jun 26 11:21:05 AST 2008, uploadId=2fa0606c-9561-48a2-81b9-9b2d0269f118:67dbb85c-844f-4dac-8a0a-e6213582a047, intermediate.ca.txt}
2008-06-26 11:21:07,508 INFO [btpool0-6] [name=admin@ku.edu.kw;mid=2;ip=139.141.187.149;ua=Z imbraWebClient - IE7 (Win);] soap - InstallCertRequest
2008-06-26 11:21:16,793 INFO [btpool0-6] [name=admin@ku.edu.kw;mid=2;ip=139.141.187.149;ua=Z imbraWebClient - IE7 (Win);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: system failure: XXXXX ERROR: Invalid Certificate:
ExceptionId:btpool0-6:1214468476788:9ac57f17241608de
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:253)
at com.zimbra.cert.OutputParser.parseOuput(OutputPars er.java:53)
at com.zimbra.cert.InstallCert.handle(InstallCert.jav a:136)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:410)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:267)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:159)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:266)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:727)
at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:189)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1093)
at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:132)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1084)
at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:360)
at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:716)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:406)
at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:211)
at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
at org.mortbay.jetty.handler.rewrite.RewriteHandler.h andle(RewriteHandler.java:350)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:313)
at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:506)
at org.mortbay.jetty.HttpConnection$RequestHandler.co ntent(HttpConnection.java:844)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:644)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:205)
at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:381)
at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:396)
at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:442)
2008-06-26 11:21:19,643 INFO [Timer-3] [] FileUploadServlet - 3 pending file uploads

I even tested it with following : -

[zimbra@filter certs]$ openssl x509 -purpose -in verisign_free_trial.crt
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgIQUopDOiMeUQuhp+/wCWRq2DANBgkqhkiG9w0BAQUFADCB
yzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbm MuMTAwLgYDVQQL
EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbm Nlcy4xQjBABgNV
BAsTOVRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2 lnbi5jb20vY3Bz
L3Rlc3RjYSAoYykwNTEtMCsGA1UEAxMkVmVyaVNpZ24gVHJpYW wgU2VjdXJlIFNl
cnZlciBUZXN0IENBMB4XDTA4MDYyNjAwMDAwMFoXDTA4MDcxMD IzNTk1OVowgbAx
CzAJBgNVBAYTAktXMQ4wDAYDVQQIEwVTYWZhdDEOMAwGA1UEBx QFU2FmYXQxHTAb
BgNVBAoUFFVuaXZlcnNpdHkgb2YgS3V3YWl0MQswCQYDVQQLFA JJVDE6MDgGA1UE
CxQxVGVybXMgb2YgdXNlIGF0IHd3dy52ZXJpc2lnbi5jb20vY3 BzL3Rlc3RjYSAo
YykwNTEZMBcGA1UEAxQQZmlsdGVyLmt1LmVkdS5rdzCBnzANBg kqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAtnuQrVGeB6Uu0xOMim/WmX55gjjk9Qd1q6slzbqbxpfgcwSV
tKs9ympIooW3+dJKzSBkWeQ3IcM2uL5yW7cQBxbGQLSKTT0L6F 1LrUHniscW1zNu
VlfWKIxgmDD9RiNKzZBROKsGFMEE4MZlZsXIbTHlDesOyW+X9V RGzzQMuX0CAwEA
AaOCAdcwggHTMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMEMGA1 UdHwQ8MDowOKA2
oDSGMmh0dHA6Ly9TVlJTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS 9TVlJUcmlhbDIw
MDUuY3JsMEoGA1UdIARDMEEwPwYKYIZIAYb4RQEHFTAxMC8GCC sGAQUFBwIBFiNo
dHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzL3Rlc3RjYTAdBg NVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUZiKOgeAxWd 0qf6tGxTYCBnAn
h1oweAYIKwYBBQUHAQEEbDBqMCQGCCsGAQUFBzABhhhodHRwOi 8vb2NzcC52ZXJp
c2lnbi5jb20wQgYIKwYBBQUHMAKGNmh0dHA6Ly9TVlJTZWN1cm UtYWlhLnZlcmlz
aWduLmNvbS9TVlJUcmlhbDIwMDUtYWlhLmNlcjBuBggrBgEFBQ cBDARiMGChXqBc
MFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolg YMu9BSOJsprEsH
iyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2 dvMS5naWYwDQYJ
KoZIhvcNAQEFBQADggEBAHBN/RzWZmqm2uqxTJ1bF/lxK/IRnUos/6YXmdLqt8tg
Ng0GnvDg+o4bO0SRjt5nDzFtorWr1JHPGCSbW8C882iTW0IGVW qID2jhnryYkfl8
anmWjxFkuj/hFUEYWh1BST/AluliBsQj4Pu4Te1ZTyI8ZdN3kQXnXicr+iFdZ8rd
08m4yChh9DCIcJ5AZzcfM5rZ+R0plDubbWs/r9gF7Z6BZsIPYJ1MC/L7KBmnf87f
I2J2F+HZ3bMmQJ3D4Goo5/DfJccpHkG8OT2KUj8mEOZRtI4c28SIFHehVBwU7ILx
kWXCbYjJWtWW9z6QWRGPMJa9dajm3cjhIsD/YG0xI5E=
-----END CERTIFICATE-----

Can anyone help me on this ? Thanks in advance

phoenix · #2 (**permalink**) 06-26-2008, 04:53 AM

Some details of how you're trying to install it might help, command line or via the Admin UI? If it's via the command line, what are the exact commands you're using?

Klug · #3 (**permalink**) 06-26-2008, 07:38 AM

ZCS' version is needed too.

veronica · #4 (**permalink**) 06-26-2008, 09:20 AM

I am installing using Admin console. ZCS version is Release 5.0.6_GA_2313.RHEL4_64_20080522093238 RHEL4_64 NETWORK edition . I have followed Install Verisign Test Certificate on Zimbra Server - Zimbra :: Wiki wiki page for installation.

veronica · #5 (**permalink**) 06-26-2008, 09:24 AM

I have generated CSR and pasted in the verisign certificate generation page and they mailed me the certificate. I then went to links http://www.verisign.com/support/veri...oot/index.html and Intermediate CA Certificates - Secure Site Trial Intermediate Certificate from VeriSign, Inc. for downloading root.ca and intermediate.ca which they display on respective screens. I then used these 3 files to import using admin console and got error as mentioned above .. Is anything else required for troubleshooting or should i follow some other procedure ?

veronica · #6 (**permalink**) 06-30-2008, 04:07 AM

Finally was able to install the commercial certificate. The link Install Verisign Test Certificate on Zimbra Server - Zimbra :: Wiki didnt work for me at all. Better use Commercial Certificate in 5.x - Zimbra :: Wiki

veronica · #7 (**permalink**) 06-30-2008, 06:33 AM

I found wiki not that clear for installation of commercial certificates. So i am listing step by step process which will be good for ppl. who are facing isues with installing commercial certificates: -

STEPS TO INSTALL COMMERCIAL TRIAL CERTIFICATE

1. GO IN /opt/zimbra/ssl/zimbra/commercial directory AND SEE IF commercial.key has permission set to 740.
2. IF NOT CHANGE PERMISSIONS
3. With CSR get certificate from verisign
4. create a temp dir say /root/certs
5. save certificate file in /root/cert as commercial.crt
6. chmod TO 700 commercial.crt
7. In mail which you recieved from verisign also look for root and intermediate certificate links.
8. SAVE THEM IN /ROOT/CERTS DIRECTORY AS ROOT.CA AND INTERMEDIATE.CA
9. RUN cat root.ca intermediate.ca >> commercial_ca.crt
10. RUN chmod 770 commercial_ca.crt
11. VERIFY USING THIS COMMAND
/opt/zimbra/bin/zmcertmgr verifycrt comm /path/to/privatekey /path/to/commercial.crt /path/to/commercial_ca.cr

THAT IS IN THIS CASE

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /root/certs/commercial.crt /root/certs/commercial_ca.crt

IF YOU GET SOMETHING LIKE THIS :-

** Verifying /root/certs/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/root/certs/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /root/certs/commercial.crt: OK

12. THEN INSTALL LIKE BELOW

[root@filter certs]# su - zimbra
[zimbra@filter ~]$ sudo zmcertmgr deploycrt comm /root/certs/commercial.crt /root/certs/commercial_ca.crt

SHOULD SEE FOLLOWING LOGS: -

[zimbra@filter ~]$ sudo zmcertmgr deploycrt comm /root/certs/commercial.crt /root/certs/commercial_ca.crt
** Verifying /root/certs/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/root/certs/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /root/certs/commercial.crt: OK
** Copying /root/certs/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /root/certs/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

13. Restart Zimbra

Zimbra

Downloads

Product Information

Toolbox

Why Join?