Results 1 to 7 of 7

Thread: Doubts about the commercial SSL certificate installation

  1. #1
    clark kent is offline Junior Member
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Unhappy Doubts about the commercial SSL certificate installation

    Guys, sorry for my bad Inglês, is not my native language

    I have today an e-mail server Postfix That runs and use a commercial certificate of Thawte. This certificate is used for connections via Webmail, IMAP and POP. and works very well.

    I am migrating this server e-mail to the Zimbra Open Source and 7 am HAVING some doubts about the SSL certificates.

    Can I reuse my old certificates Which Were used in the old server? If yes, is there any process I have to take?

    If I Can not take my old certificate, then I must generate a new one. When I generate the new certificate in Thawte, I generate the certificate for the domain mail.xxxxxx.com

    Here it is my greatest doubts. When I ride my server, the name of my server has to Be Exactly equal to the domain name in the register in Thawte? or Can I use any name for the server? and then generate a certificate in the Thawte for mail.xxxx.com domain?

    Thank you for everyone's help.

  2. #2
    kruon is offline Loyal Member
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    5

    Default

    Quote Originally Posted by clark kent View Post
    Can I reuse my old certificates Which Were used in the old server? If yes, is there any process I have to take?
    You can reuse your old certificate. You need to copy it from the old server and install it to the new server. See zimbra wiki page about installing commercial certificates.

    Quote Originally Posted by clark kent View Post
    If I Can not take my old certificate, then I must generate a new one. When I generate the new certificate in Thawte, I generate the certificate for the domain mail.xxxxxx.com

    Here it is my greatest doubts. When I ride my server, the name of my server has to Be Exactly equal to the domain name in the register in Thawte? or Can I use any name for the server? and then generate a certificate in the Thawte for mail.xxxx.com domain?

    Thank you for everyone's help.
    If you decide to reuse your old certificate, your new servers public hostname must exactly match the one you registered the old certificate with.

    If you need to change the public hostname of the server, you need to register new certificate to match the new name.

  3. #3
    clark kent is offline Junior Member
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Default

    Hello,

    Thank you for your quick response.

    Well, I decided to run some tests, and i tried to generate the CSR file to send to Thawte. i can generate the file perteitamente by WebGUI, I put all the necessary information, but when Thawte will check the file CSR, tells me that the country code is not included. the exact error is:

    "The CSR must include the Country Code"

    At the time of generation of Certificate I really put the country code.

    Someone has gone through this kind of problem?

  4. #4
    kruon is offline Loyal Member
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    5

    Default

    This sounds like a typo while entering data or a bug in webgui to me.
    Country code is two letter country identificator, for example, DE, FR, ES, FI etc.

    The CSR generator should ask for the country code.

  5. #5
    clark kent is offline Junior Member
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Default

    I agree with you, in the WebGUI I insert this information as requested. and yet the Thwate returns me this error.

    I have three suspects for this,

    - The Thwate should not recognize as the CSR format (unlikely)

    - The Version 7.0 because it is new, deals of the generation of CSR file in a different way of default (also unlikely)

    - The WebGUI tool has some sort of bug, which generates the CSR, he does not read correctly the information.

    I will try to generate the same key using the tool zmcertmgr and i will post again.

  6. #6
    kruon is offline Loyal Member
    Join Date
    Jul 2009
    Location
    Jyväskylä, Finland
    Posts
    83
    Rep Power
    5

    Default

    Quote Originally Posted by clark kent View Post
    - The Thwate should not recognize as the CSR format (unlikely)
    Very unlikely, as they have CSR parser which checks if the file you send them is valid, and gives the error.


    Quote Originally Posted by clark kent View Post
    - The Version 7.0 because it is new, deals of the generation of CSR file in a different way of default (also unlikely)
    Was there a CSR creator in 6.x webgui?

    Quote Originally Posted by clark kent View Post
    - The WebGUI tool has some sort of bug, which generates the CSR, he does not read correctly the information.
    This is what I'd assume aswell.

    Quote Originally Posted by clark kent View Post
    I will try to generate the same key using the tool zmcertmgr and i will post again.
    Using zmcertmgr from command line, you should end up with valid Certificate Signing Request.

  7. #7
    clark kent is offline Junior Member
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    Default

    Good news.

    I formatted my server and i installed Zimbra Open 6.0. I generated the certificate CSR by WebGUI normally, just as i tryed in Zimbra 7.0 and the Thawte recognized perfectly my certificate

    Really believe it's a Bug in WebGUI tool, I will pass this information to the staff of Zimbra to investigate better what may be happening.


    Thank you for your help.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Problem with commercial certificate
    By ppaixao in forum Administrators
    Replies: 3
    Last Post: 06-05-2012, 01:49 PM
  2. SSL certificate installation fails
    By TheInfinity in forum Administrators
    Replies: 0
    Last Post: 12-09-2010, 04:06 AM
  3. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  4. Commercial SSL certtificate installation
    By Daryl Jones in forum Installation
    Replies: 6
    Last Post: 02-13-2006, 12:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •