Thread: SSL Certificate install error?!

  1. #1
    leSasch

    Hi together,

    I'm trying my luck with installing a commercial certificate into zimbra.
    Unfortunately, it keeps saying the following:

    java.io.IOException: Duplicate extensions not allowed

    Steps were:
    - Create CSR via web interface (commonName = Hostname, Wildcards checked, some alternative Domains with "*.")
    - Created certificate from CSR
    - Copied .crt and .crt of the CA to zimbra-server
    - Checked match of CSR, Private Key, CA and CRT via:
    zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./zimbra.zeteko.net.crt ./ZeTeKo_CA.crt
    ** Verifying ./zimbra.zeteko.net.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (./zimbra.zeteko.net.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: ./zimbra.zeteko.net.crt: OK

    - Import via zmcertmgr deploycrt comm ./zimbra.zeteko.net.crt ./ZeTeKo_CA.crt

    Here's the error then (sorry for the mass of text):

    ** Verifying ./zimbra.zeteko.net.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (./zimbra.zeteko.net.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: ./zimbra.zeteko.net.crt: OK
    ** Copying ./zimbra.zeteko.net.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain ./ZeTeKo_CA.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
    ** NOTE: mailboxd must be restarted in order to use the imported certificate.
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...failed.

    Exception in thread "main" java.security.cert.CertificateParsingException: java.io.IOException: Duplicate extensions not allowed
    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:154)
    at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1729)
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:179)
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.loadSafeContents(PKCS12KeyStore.java:1391)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1287)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at com.zimbra.cert.MyPKCS12Import.main(MyPKCS12Import.java:96)
    Caused by: java.io.IOException: Duplicate extensions not allowed
    at sun.security.x509.CertificateExtensions.parseExtension(CertificateExtensions.java:96)
    at sun.security.x509.CertificateExtensions.init(CertificateExtensions.java:70)
    at sun.security.x509.CertificateExtensions.<init>(CertificateExtensions.java:60)
    at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:723)
    at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:152)
    ... 8 more

    ** Installing CA to /opt/zimbra/conf/ca...done.

    After that, Zimbra's services are dead!
    The only way to recover was to install the self-signed cert via the command line.
    Any ideas about the java.io.IOException: Duplicate extensions not allowed?

    Thanks!

  2. #2
    leSasch

    Did no one ever see the

    Exception in thread "main" java.security.cert.CertificateParsingException: java.io.IOException: Duplicate extensions not allowed

    error? No clues? Or is nobody using custom SSL? ;-)
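
In the log above the verifycrt step passes, yet the Java keystore import rejects the same certificate with "Duplicate extensions not allowed". As an added example (not part of the thread and not Zimbra's code), this pre-deployment check reports any extension OID that appears more than once in a PEM or DER certificate, which RFC 5280 section 4.2 forbids; the helper names and the certificate skeleton built by `sample` are constructed for illustration.

```python
import base64, re
from collections import Counter

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    while start < end:                     # walk sibling elements in buf[start:end]
        tag, vs, start = read_tlv(buf, start)
        yield tag, vs, start

def oid_str(raw):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, val = [], 0
    for b in raw:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def duplicate_extensions(cert):
    """Return the sorted extension OIDs that occur more than once (PEM or DER input)."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END", cert, re.S)
    cert = base64.b64decode(m.group(1)) if m else cert
    _, cs, _ = read_tlv(cert, 0)                  # Certificate
    _, ts, te = read_tlv(cert, cs)                # tbsCertificate
    seen = Counter()
    for tag, vs, _ in children(cert, ts, te):
        if tag == 0xA3:                           # [3] EXPLICIT Extensions
            _, es, ee = read_tlv(cert, vs)
            for _, xs, _ in children(cert, es, ee):
                _, o1, o2 = read_tlv(cert, xs)    # extnID is the first field
                seen[oid_str(cert[o1:o2])] += 1
    return sorted(oid for oid, n in seen.items() if n > 1)

# Constructed sample: a certificate skeleton (not a valid cert) with the given extension OIDs.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body
def sample(*oids):
    exts = b"".join(tlv(0x30, tlv(0x06, o) + tlv(0x04, tlv(0x30, b""))) for o in oids)
    return tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + tlv(0xA3, tlv(0x30, exts))))
SAN, BC = b"\x55\x1d\x11", b"\x55\x1d\x13"        # 2.5.29.17 and 2.5.29.19
```

Pass the bytes of the issued .crt file to `duplicate_extensions` before running `zmcertmgr deploycrt`; a non-empty result names the repeated extension, and because the extensions are covered by the CA's signature the certificate has to be reissued rather than edited.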
