Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Commercial SSL Cert

  1. #1
    alexz is offline Active Member
    Join Date
    Oct 2005
    Posts
    46
    Rep Power
    9

    Thumbs up Commercial SSL Cert

    I followed the instructions at http://wiki.zimbra.com/index.php?tit...l_Certificates

    When I reach step 2B (import cert into the commercial keystore) I get the following error:

    keytool error: java.lang.Exception: Failed to establish chain from reply

    Any ideas?
    Last edited by alexz; 04-23-2006 at 07:56 AM.
    Sincerely,

    Alex

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,469
    Rep Power
    56

    Default

    Installation of a Commercial Certificate is outside the scope of these forums but have you tried the Certificate vendor's site? Here's what Thawte have to say on the error and, of course, google will give you plenty to read.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    alexz is offline Active Member
    Join Date
    Oct 2005
    Posts
    46
    Rep Power
    9

    Default

    Bill,

    I don't think that's a realistic answer. The digital cert is for use on a Zimbra server. Why would that not be related to the forums? I have searched those same web sites but they are generic and don't take into account Zimbra's software. In particular, I don't want to dig myself into a hole by just hacking away at proposed solutions without knowing how or if they will affect ZCS.

    I was hoping to find someone else who had this problem or perhaps see if someone at Zimbra knows what is causing it. I purchased the certificate from GoDaddy.com.
    Last edited by alexz; 04-15-2006 at 08:39 AM.
    Sincerely,

    Alex

  4. #4
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    alexz,
    I think perhaps we could give it a shot.
    Are you doing this as root or as zimbra user?

    Also, could you post your /var/log/zimbra.log and /opt/zimbra/log/zimbra.log? Perhaps there's a little more in there.

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,469
    Rep Power
    56

    Default

    Well, the requirements of each supllier are vary - that's why I pointed you to google.

    What have you done to find out what the problem might be? What does the GoDaddy site say about this error? Did you also search the forums to see if this has been covered before? Is the certificate you've got in the correct format? Did you read any of the google links? They're quite specific about this error.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    alexz is offline Active Member
    Join Date
    Oct 2005
    Posts
    46
    Rep Power
    9

    Default

    Bill,

    Not to be rude but the reason I posted this message in the first place is to find a solution to a problem that I am having with installing a digital certificate purchased from a commercial provider. I have generated a request using the commands specified in the Wiki post and used that request to obtain a commercial certificate from a CA, GoDaddy. I paid for a certificate and they sent me one. How I use that certificate is not their concern. I have used their certificates on Windows IIS servers for years and never had any problems. Clearly, installing certificates is very different in this situation which is why I am asking for help. I'm certainly not going to call GoDaddy and ask them how to install their certificate on a Zimbra server.
    Sincerely,

    Alex

  7. #7
    bobby is offline Zimbra Employee
    Join Date
    Nov 2005
    Posts
    518
    Rep Power
    10

    Default

    it should be like installing into any other tomcat. godaddy has pretty lame help/faq section but there is an "Installing Your SSL Certificate" page which has a link to "Installing SSL Certificate - Tomcat 4.x/5.x"

    also, i copied the error into google, clicked "i'm feeling lucky" and i got this page: http://www.thawte.com/ssl-digital-ce...va.html#error3

    both of which lead me to follow up phoenix: a.) what format is the cert? and b.) did you install the root and intermediate certs first?

  8. #8
    alexz is offline Active Member
    Join Date
    Oct 2005
    Posts
    46
    Rep Power
    9

    Default

    Quote Originally Posted by wannabetenor
    alexz,
    I think perhaps we could give it a shot.
    Are you doing this as root or as zimbra user?

    Also, could you post your /var/log/zimbra.log and /opt/zimbra/log/zimbra.log? Perhaps there's a little more in there.
    Thanks! They keytool didn't work while logged in as root. I used it as su zimbra.

    Here are the files. Nothing out of the ordinary. I ran the command in 2b and then took a snapshot of the logs.
    Attached Files Attached Files
    Sincerely,

    Alex

  9. #9
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,469
    Rep Power
    56

    Default

    Quote Originally Posted by alexz
    Bill,

    Not to be rude but the reason I posted this message in the first place is to find a solution to a problem that I am having with installing a digital certificate purchased from a commercial provider.
    I don't take your reply as being rude, I just don't understand why you didn't bother following any of the links that I provided. They were specific to your question and covered the reason why you got that error message. The point about following the wiki instructions is not to get to a point where there's an error and say 'I 've got this error, how do I fix it?', surely the point is to do some investigation as to why you've got the error and try to fix it yourself. Well, you asked the question and I pointed you to possible solutions but you seem to want someone to lead you by the hand through the problem, that's not my style and I'm sorry if that seems to offend you.

    If, after doing your own investigation, you're stumped then by all means ask a question and detail what you've done to get to that stage and people will be willing to help.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    alexz is offline Active Member
    Join Date
    Oct 2005
    Posts
    46
    Rep Power
    9

    Default

    Quote Originally Posted by bobby
    it should be like installing into any other tomcat. godaddy has pretty lame help/faq section but there is an "Installing Your SSL Certificate" page which has a link to "Installing SSL Certificate - Tomcat 4.x/5.x"

    also, i copied the error into google, clicked "i'm feeling lucky" and i got this page: http://www.thawte.com/ssl-digital-ce...va.html#error3

    both of which lead me to follow up phoenix: a.) what format is the cert? and b.) did you install the root and intermediate certs first?
    Bobby - I did what that page said "Installing Your Issued Web Server Certificate" as well as importing the root and intermediate certificates. Where it says "Updating the server.xml configuration file" - I assume this is not necessary since the server.xml points to the correct Zimbra keystore?

    As far as the format they send a .crt file, which is an x.509 certificate to the best of my understanding.
    Last edited by alexz; 04-15-2006 at 11:00 AM.
    Sincerely,

    Alex

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Installing commercial ssl on zimbra cs (network ed.)
    By keithop in forum Administrators
    Replies: 4
    Last Post: 04-28-2009, 04:16 PM
  3. Replies: 2
    Last Post: 03-25-2007, 09:40 PM
  4. Commercial SSL certtificate installation
    By Daryl Jones in forum Installation
    Replies: 6
    Last Post: 02-13-2006, 12:55 PM
  5. Question installing commercial SSL cert
    By jigi in forum Administrators
    Replies: 0
    Last Post: 02-13-2006, 12:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •