Results 1 to 9 of 9

Thread: Install Existing SSL cert?

  1. #1
    kyo
    kyo is offline Junior Member
    Join Date
    Mar 2009
    Posts
    5
    Rep Power
    6

    Default Install Existing SSL cert?

    First I wanted to say I'm a newbie when it comes to linux, so i'm not sure if this can be done.

    Basically I have a wildcard SSL cert for my domain, and it's installed on a windows. Is it possible for me to export it from windows and import it into the box where I have zimbra installed.

    My installation of zimbra is installed on SLES 10.2.

    Any sugguestion would be greatly appreciated.

  2. #2
    jeeves is offline Junior Member
    Join Date
    Dec 2008
    Posts
    9
    Rep Power
    6

    Default

    I wud suggest you to verify with the certificate provider regarding the comaptibility(windows and linux). You can then try to install the certificates via the admin console.

    Please see this link for more info :

    http://wiki.zimbra.com/index.php?tit...tificate_Tools

  3. #3
    kyo
    kyo is offline Junior Member
    Join Date
    Mar 2009
    Posts
    5
    Rep Power
    6

    Default

    Quote Originally Posted by jeeves View Post
    I wud suggest you to verify with the certificate provider regarding the comaptibility(windows and linux). You can then try to install the certificates via the admin console.

    Please see this link for more info :

    http://wiki.zimbra.com/index.php?tit...tificate_Tools
    Unfortunately in the admin console, i cannot just import the certificate. I have to generate a csr request first. Since I'm trying to install an existing cert I dont need to generate a csr.

  4. #4
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    8

    Default

    I was in a similar situation recently; actually I needed to re-use a cert from an earlier trial NE with a new version of the trial NE. I had partial success using

    /opt/zimbra/bin/zmcertmgr deploycrt comm

    (Must be run as root.)

    See zmcertmgr and Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    Where I ran into trouble was with the intermediate and root certs, I believe. The commercial certificate is installed but the cert chain isn't complete as far as a web browser or other client is concerned. I would go back and try again but I've been busy with more pressing matters.

    As for exporting a cert from Windows, I know that I've done it in the past. Here's a link that I turned up via a web search: How to export a SSL certificate from Windows 2000 / 2003 server?

    However, when I did it in the past, I was importing the cert into another IIS machine. I don't know if the format produced by Windows will be compatible with Zimbra, or if not, whether it can be massaged into the right format.

  5. #5
    kyo
    kyo is offline Junior Member
    Join Date
    Mar 2009
    Posts
    5
    Rep Power
    6

    Default

    I have no issue exported the ssl cert from windows. I've even got as far using openssl to convert the certificate format from pfx file to a text, and used it to create a key file, and a cert file for zimbra. I downloaded the certificate chain, and followed the wiki to install the godaddy cert and used cat to combine the chain into one cert file. However I get an error message when I try to use zmcertmgr to deploy the cert, it was related to the cert not matching the csr.

    So i'm not sure if it is possible to import a cert into zimbra, without actually first generating a csr request.

  6. #6
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    8

    Default

    You may be right. When I did the import to Zimbra, I had one or more files scavenged from the previous install; one of them may have had the csr info. I'll try to remember to double check my notes but if I don't followup please pm me.

  7. #7
    kyo
    kyo is offline Junior Member
    Join Date
    Mar 2009
    Posts
    5
    Rep Power
    6

    Default

    I was able to finally install the cert, but i created another problem.

    So i used openssl to export the key and cert into separate files, commericial.crt and commercial.key

    I followed the instructions on the wiki to install the godaddy commericial but i also added the commercial.crt to the cat command.

    Then i edited the commercial_ca.crt it generated, it looked like one of my certs didn't end correctly so a space was inserted.

    Now the cert is installed and it's working, however when i stopped the service and started it using zmcontrol it prompts for PEM phrase.

  8. #8
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    8

    Default

    Well, it sounds like you may have gotten farther than me, or at least our issues have forked Wish I could be more help.

  9. #9
    kyo
    kyo is offline Junior Member
    Join Date
    Mar 2009
    Posts
    5
    Rep Power
    6

    Default

    Quote Originally Posted by ewilen View Post
    Well, it sounds like you may have gotten farther than me, or at least our issues have forked Wish I could be more help.
    I guess it's working but it's annoying to have to enter the PEM pass phrase each time.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Commercial SSL Cert Install Zimbra 5.x -- again
    By PhishKiller in forum Administrators
    Replies: 2
    Last Post: 12-10-2008, 06:03 PM
  2. Fresh Zimbra installation does not work
    By Datax in forum Installation
    Replies: 4
    Last Post: 08-18-2008, 01:18 PM
  3. Replies: 23
    Last Post: 05-06-2008, 02:24 PM
  4. [SOLVED] SSL Cert Import IE/windows broken?
    By raj in forum Installation
    Replies: 4
    Last Post: 01-28-2008, 07:48 PM
  5. Replies: 2
    Last Post: 03-25-2007, 09:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •