Results 1 to 7 of 7

Thread: [SOLVED] Commercial SSL certs not working

  1. #1
    veronica is offline Outstanding Member
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default [SOLVED] Commercial SSL certs not working

    Hi All,

    I am installing verisign test certificate and i am geting following errors: -

    2008-06-26 11:21:05,118 INFO [btpool0-6] [ip=139.141.187.149;ua=Mozilla/4.0 (compatible;; MSIE 7.0;; Windows NT 5.1);] mailbox - FileUploadServlet received Upload: { accountId=f9ce1443-5568-42a1-8da5-6a17d8207462, time=Thu Jun 26 11:21:05 AST 2008, uploadId=2fa0606c-9561-48a2-81b9-9b2d0269f118:034bdb2b-277a-4212-9ae0-c3074b548b22, verisign_free_trial.crt}
    2008-06-26 11:21:05,118 INFO [btpool0-6] [ip=139.141.187.149;ua=Mozilla/4.0 (compatible;; MSIE 7.0;; Windows NT 5.1);] mailbox - FileUploadServlet received Upload: { accountId=f9ce1443-5568-42a1-8da5-6a17d8207462, time=Thu Jun 26 11:21:05 AST 2008, uploadId=2fa0606c-9561-48a2-81b9-9b2d0269f118:d4e91cac-9139-4402-b2a3-32bc9511809e, root.ca.txt}
    2008-06-26 11:21:05,118 INFO [btpool0-6] [ip=139.141.187.149;ua=Mozilla/4.0 (compatible;; MSIE 7.0;; Windows NT 5.1);] mailbox - FileUploadServlet received Upload: { accountId=f9ce1443-5568-42a1-8da5-6a17d8207462, time=Thu Jun 26 11:21:05 AST 2008, uploadId=2fa0606c-9561-48a2-81b9-9b2d0269f118:67dbb85c-844f-4dac-8a0a-e6213582a047, intermediate.ca.txt}
    2008-06-26 11:21:07,508 INFO [btpool0-6] [name=admin@ku.edu.kw;mid=2;ip=139.141.187.149;ua=Z imbraWebClient - IE7 (Win);] soap - InstallCertRequest
    2008-06-26 11:21:16,793 INFO [btpool0-6] [name=admin@ku.edu.kw;mid=2;ip=139.141.187.149;ua=Z imbraWebClient - IE7 (Win);] SoapEngine - handler exception
    com.zimbra.common.service.ServiceException: system failure: XXXXX ERROR: Invalid Certificate:
    ExceptionId:btpool0-6:1214468476788:9ac57f17241608de
    Code:service.FAILURE
    at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:253)
    at com.zimbra.cert.OutputParser.parseOuput(OutputPars er.java:53)
    at com.zimbra.cert.InstallCert.handle(InstallCert.jav a:136)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:410)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:267)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:159)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:266)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:727)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:189)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:487)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1093)
    at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
    at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:132)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1084)
    at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:360)
    at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:716)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:406)
    at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:211)
    at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.handler.rewrite.RewriteHandler.h andle(RewriteHandler.java:350)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:139)
    at org.mortbay.jetty.Server.handle(Server.java:313)
    at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:506)
    at org.mortbay.jetty.HttpConnection$RequestHandler.co ntent(HttpConnection.java:844)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:644)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:205)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:381)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:396)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:442)
    2008-06-26 11:21:19,643 INFO [Timer-3] [] FileUploadServlet - 3 pending file uploads


    I even tested it with following : -

    [zimbra@filter certs]$ openssl x509 -purpose -in verisign_free_trial.crt
    Certificate purposes:
    SSL client : Yes
    SSL client CA : No
    SSL server : Yes
    SSL server CA : No
    Netscape SSL server : Yes
    Netscape SSL server CA : No
    S/MIME signing : No
    S/MIME signing CA : No
    S/MIME encryption : No
    S/MIME encryption CA : No
    CRL signing : No
    CRL signing CA : No
    Any Purpose : Yes
    Any Purpose CA : Yes
    OCSP helper : Yes
    OCSP helper CA : No
    -----BEGIN CERTIFICATE-----
    MIIFXDCCBESgAwIBAgIQUopDOiMeUQuhp+/wCWRq2DANBgkqhkiG9w0BAQUFADCB
    yzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbm MuMTAwLgYDVQQL
    EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbm Nlcy4xQjBABgNV
    BAsTOVRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2 lnbi5jb20vY3Bz
    L3Rlc3RjYSAoYykwNTEtMCsGA1UEAxMkVmVyaVNpZ24gVHJpYW wgU2VjdXJlIFNl
    cnZlciBUZXN0IENBMB4XDTA4MDYyNjAwMDAwMFoXDTA4MDcxMD IzNTk1OVowgbAx
    CzAJBgNVBAYTAktXMQ4wDAYDVQQIEwVTYWZhdDEOMAwGA1UEBx QFU2FmYXQxHTAb
    BgNVBAoUFFVuaXZlcnNpdHkgb2YgS3V3YWl0MQswCQYDVQQLFA JJVDE6MDgGA1UE
    CxQxVGVybXMgb2YgdXNlIGF0IHd3dy52ZXJpc2lnbi5jb20vY3 BzL3Rlc3RjYSAo
    YykwNTEZMBcGA1UEAxQQZmlsdGVyLmt1LmVkdS5rdzCBnzANBg kqhkiG9w0BAQEF
    AAOBjQAwgYkCgYEAtnuQrVGeB6Uu0xOMim/WmX55gjjk9Qd1q6slzbqbxpfgcwSV
    tKs9ympIooW3+dJKzSBkWeQ3IcM2uL5yW7cQBxbGQLSKTT0L6F 1LrUHniscW1zNu
    VlfWKIxgmDD9RiNKzZBROKsGFMEE4MZlZsXIbTHlDesOyW+X9V RGzzQMuX0CAwEA
    AaOCAdcwggHTMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMEMGA1 UdHwQ8MDowOKA2
    oDSGMmh0dHA6Ly9TVlJTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS 9TVlJUcmlhbDIw
    MDUuY3JsMEoGA1UdIARDMEEwPwYKYIZIAYb4RQEHFTAxMC8GCC sGAQUFBwIBFiNo
    dHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzL3Rlc3RjYTAdBg NVHSUEFjAUBggr
    BgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUZiKOgeAxWd 0qf6tGxTYCBnAn
    h1oweAYIKwYBBQUHAQEEbDBqMCQGCCsGAQUFBzABhhhodHRwOi 8vb2NzcC52ZXJp
    c2lnbi5jb20wQgYIKwYBBQUHMAKGNmh0dHA6Ly9TVlJTZWN1cm UtYWlhLnZlcmlz
    aWduLmNvbS9TVlJUcmlhbDIwMDUtYWlhLmNlcjBuBggrBgEFBQ cBDARiMGChXqBc
    MFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolg YMu9BSOJsprEsH
    iyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2 dvMS5naWYwDQYJ
    KoZIhvcNAQEFBQADggEBAHBN/RzWZmqm2uqxTJ1bF/lxK/IRnUos/6YXmdLqt8tg
    Ng0GnvDg+o4bO0SRjt5nDzFtorWr1JHPGCSbW8C882iTW0IGVW qID2jhnryYkfl8
    anmWjxFkuj/hFUEYWh1BST/AluliBsQj4Pu4Te1ZTyI8ZdN3kQXnXicr+iFdZ8rd
    08m4yChh9DCIcJ5AZzcfM5rZ+R0plDubbWs/r9gF7Z6BZsIPYJ1MC/L7KBmnf87f
    I2J2F+HZ3bMmQJ3D4Goo5/DfJccpHkG8OT2KUj8mEOZRtI4c28SIFHehVBwU7ILx
    kWXCbYjJWtWW9z6QWRGPMJa9dajm3cjhIsD/YG0xI5E=
    -----END CERTIFICATE-----

    Can anyone help me on this ? Thanks in advance

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,586
    Rep Power
    57

    Default

    Some details of how you're trying to install it might help, command line or via the Admin UI? If it's via the command line, what are the exact commands you're using?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    ZCS' version is needed too.

  4. #4
    veronica is offline Outstanding Member
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    I am installing using Admin console. ZCS version is Release 5.0.6_GA_2313.RHEL4_64_20080522093238 RHEL4_64 NETWORK edition . I have followed Install Verisign Test Certificate on Zimbra Server - Zimbra :: Wiki wiki page for installation.

  5. #5
    veronica is offline Outstanding Member
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    I have generated CSR and pasted in the verisign certificate generation page and they mailed me the certificate. I then went to links http://www.verisign.com/support/veri...oot/index.html and Intermediate CA Certificates - Secure Site Trial Intermediate Certificate from VeriSign, Inc. for downloading root.ca and intermediate.ca which they display on respective screens. I then used these 3 files to import using admin console and got error as mentioned above .. Is anything else required for troubleshooting or should i follow some other procedure ?

  6. #6
    veronica is offline Outstanding Member
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    Finally was able to install the commercial certificate. The link Install Verisign Test Certificate on Zimbra Server - Zimbra :: Wiki didnt work for me at all. Better use Commercial Certificate in 5.x - Zimbra :: Wiki

  7. #7
    veronica is offline Outstanding Member
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    I found wiki not that clear for installation of commercial certificates. So i am listing step by step process which will be good for ppl. who are facing isues with installing commercial certificates: -

    STEPS TO INSTALL COMMERCIAL TRIAL CERTIFICATE

    1. GO IN /opt/zimbra/ssl/zimbra/commercial directory AND SEE IF commercial.key has permission set to 740.
    2. IF NOT CHANGE PERMISSIONS
    3. With CSR get certificate from verisign
    4. create a temp dir say /root/certs
    5. save certificate file in /root/cert as commercial.crt
    6. chmod TO 700 commercial.crt
    7. In mail which you recieved from verisign also look for root and intermediate certificate links.
    8. SAVE THEM IN /ROOT/CERTS DIRECTORY AS ROOT.CA AND INTERMEDIATE.CA
    9. RUN cat root.ca intermediate.ca >> commercial_ca.crt
    10. RUN chmod 770 commercial_ca.crt
    11. VERIFY USING THIS COMMAND
    /opt/zimbra/bin/zmcertmgr verifycrt comm /path/to/privatekey /path/to/commercial.crt /path/to/commercial_ca.cr

    THAT IS IN THIS CASE

    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /root/certs/commercial.crt /root/certs/commercial_ca.crt

    IF YOU GET SOMETHING LIKE THIS :-

    ** Verifying /root/certs/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/root/certs/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /root/certs/commercial.crt: OK

    12. THEN INSTALL LIKE BELOW

    [root@filter certs]# su - zimbra
    [zimbra@filter ~]$ sudo zmcertmgr deploycrt comm /root/certs/commercial.crt /root/certs/commercial_ca.crt

    SHOULD SEE FOLLOWING LOGS: -

    [zimbra@filter ~]$ sudo zmcertmgr deploycrt comm /root/certs/commercial.crt /root/certs/commercial_ca.crt
    ** Verifying /root/certs/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/root/certs/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /root/certs/commercial.crt: OK
    ** Copying /root/certs/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /root/certs/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.

    13. Restart Zimbra

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Installing commercial ssl on zimbra cs (network ed.)
    By keithop in forum Administrators
    Replies: 4
    Last Post: 04-28-2009, 04:16 PM
  3. Replies: 0
    Last Post: 01-15-2008, 01:33 PM
  4. Commercial SSL Certificates and IMAP/POP
    By manthrax3 in forum Administrators
    Replies: 8
    Last Post: 10-27-2007, 04:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •