Commercial SSL Cert

[alexz]

I followed the instructions at http://wiki.zimbra.com/index.php?tit...l_Certificates

When I reach step 2B (import cert into the commercial keystore) I get the following error:

keytool error: java.lang.Exception: Failed to establish chain from reply

Any ideas?

[phoenix]

Installation of a Commercial Certificate is outside the scope of these forums but have you tried the Certificate vendor's site? Here's what Thawte have to say on the error and, of course, google will give you plenty to read.

[alexz]

Bill,

I don't think that's a realistic answer. The digital cert is for use on a Zimbra server. Why would that not be related to the forums? I have searched those same web sites but they are generic and don't take into account Zimbra's software. In particular, I don't want to dig myself into a hole by just hacking away at proposed solutions without knowing how or if they will affect ZCS.

I was hoping to find someone else who had this problem or perhaps see if someone at Zimbra knows what is causing it. I purchased the certificate from GoDaddy.com.

[jholder]

alexz,
I think perhaps we could give it a shot.
Are you doing this as root or as zimbra user?

Also, could you post your /var/log/zimbra.log and /opt/zimbra/log/zimbra.log? Perhaps there's a little more in there.

[phoenix]

Well, the requirements of each supllier are vary - that's why I pointed you to google.

What have you done to find out what the problem might be? What does the GoDaddy site say about this error? Did you also search the forums to see if this has been covered before? Is the certificate you've got in the correct format? Did you read any of the google links? They're quite specific about this error.

[alexz]

Bill,

Not to be rude but the reason I posted this message in the first place is to find a solution to a problem that I am having with installing a digital certificate purchased from a commercial provider. I have generated a request using the commands specified in the Wiki post and used that request to obtain a commercial certificate from a CA, GoDaddy. I paid for a certificate and they sent me one. How I use that certificate is not their concern. I have used their certificates on Windows IIS servers for years and never had any problems. Clearly, installing certificates is very different in this situation which is why I am asking for help. I'm certainly not going to call GoDaddy and ask them how to install their certificate on a Zimbra server.

[bobby]

it should be like installing into any other tomcat. godaddy has pretty lame help/faq section but there is an "Installing Your SSL Certificate" page which has a link to "Installing SSL Certificate - Tomcat 4.x/5.x"

also, i copied the error into google, clicked "i'm feeling lucky" and i got this page: http://www.thawte.com/ssl-digital-ce...va.html#error3

both of which lead me to follow up phoenix: a.) what format is the cert? and b.) did you install the root and intermediate certs first?

[alexz]

Quote:

Originally Posted by wannabetenor

alexz,
I think perhaps we could give it a shot.
Are you doing this as root or as zimbra user?

Also, could you post your /var/log/zimbra.log and /opt/zimbra/log/zimbra.log? Perhaps there's a little more in there.

Thanks! They keytool didn't work while logged in as root. I used it as su zimbra.

Here are the files. Nothing out of the ordinary. I ran the command in 2b and then took a snapshot of the logs.

[phoenix]

Quote:

Originally Posted by alexz

Bill,

Not to be rude but the reason I posted this message in the first place is to find a solution to a problem that I am having with installing a digital certificate purchased from a commercial provider.

I don't take your reply as being rude, I just don't understand why you didn't bother following any of the links that I provided. They were specific to your question and covered the reason why you got that error message. The point about following the wiki instructions is not to get to a point where there's an error and say 'I 've got this error, how do I fix it?', surely the point is to do some investigation as to why you've got the error and try to fix it yourself. Well, you asked the question and I pointed you to possible solutions but you seem to want someone to lead you by the hand through the problem, that's not my style and I'm sorry if that seems to offend you.

If, after doing your own investigation, you're stumped then by all means ask a question and detail what you've done to get to that stage and people will be willing to help.

[alexz]

Quote:

Originally Posted by bobby

it should be like installing into any other tomcat. godaddy has pretty lame help/faq section but there is an "Installing Your SSL Certificate" page which has a link to "Installing SSL Certificate - Tomcat 4.x/5.x"

also, i copied the error into google, clicked "i'm feeling lucky" and i got this page: http://www.thawte.com/ssl-digital-ce...va.html#error3

both of which lead me to follow up phoenix: a.) what format is the cert? and b.) did you install the root and intermediate certs first?

Bobby - I did what that page said "Installing Your Issued Web Server Certificate" as well as importing the root and intermediate certificates. Where it says "Updating the server.xml configuration file" - I assume this is not necessary since the server.xml points to the correct Zimbra keystore?

As far as the format they send a .crt file, which is an x.509 certificate to the best of my understanding.