Problem installing certificate

[dasprid]

Hi everyone,

I'm currently trying to install a certificate in a Zimbra installation. The certificate is already working with the Apache2 webserver. The CRS was created with the system's openssl installation.

When doing

Code:

/opt/zimbra/bin/zmcertmgr verifycrt comm private.key public.crt intermediate.crt

I get the following error:

Code:

error 2 at 2 depth lookup:unable to get issuer certificate

That error is produced by the following call:

Code:

/opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile intermediate.crt public.crt

But when doing the same call with the system's openssl installation:

Code:

/usr/bin/openssl verify -purpose sslserver -CAfile intermediate.crt public.crt

I get the following output:

Code:

public.crt: OK

The only difference I could find between the two openssl instances was:

Code:

/usr/bin/openssl version
OpenSSL 0.9.8k 25 Mar 2009

/opt/zimbra/openssl/bin/openssl version
OpenSSL 0.9.8o 01 Jun 2010

So, eventually the question is: how to solve the problem?

[vavai]

Hi,

Who is the issuer of the certificate? I've installed commercial certificate from Godaddy & RapidSSL without problem.

[dasprid]

Hi vavai,

The issuer is Thawte.

[vavai]

Have you ever try the suggestion on the following link?

Unable to get issuer certificate - Zimbra :: Wiki

Thawte SSL123 (Did not Use Admin Panel)

[dasprid]

Thank you, concatinating the root certificate to the intermediate one did the trick.

Someone should seriously write that down that the openssl version of Zimbra requires the root certificate as well, and not only the intermediate one.

[vavai]

Hi,

Quote:

Originally Posted by dasprid

Thank you, concatinating the root certificate to the intermediate one did the trick.

Glad to hear that you have resolved the problem.

Quote:

Originally Posted by dasprid

Someone should seriously write that down that the openssl version of Zimbra requires the root certificate as well, and not only the intermediate one.

How if you write down your experience on the Zimbra wiki? Or maybe write down your experience here so I can help to write your tips on Zimbra wiki.

[sonialazik]

Quote:

Originally Posted by dasprid

Hi everyone,

I'm currently trying to install a certificate in a Zimbra installation. The certificate is already working with the Apache2 webserver. The CRS was created with the system's openssl installation.

When doing

Code:

/opt/zimbra/bin/zmcertmgr verifycrt comm private.key public.crt intermediate.crt

I get the following error:

Code:

error 2 at 2 depth lookup:unable to get issuer certificate

That error is produced by the following call:

Code:

/opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile intermediate.crt public.crt

But when doing the same call with the system's openssl installation:

Code:

/usr/bin/openssl verify -purpose sslserver -CAfile intermediate.crt public.crt

I get the following output:

Code:

public.crt: OK

The only difference I could find between the two openssl instances was:

Code:

/usr/bin/openssl version
OpenSSL 0.9.8k 25 Mar 2009

/opt/zimbra/openssl/bin/openssl version
OpenSSL 0.9.8o 01 Jun 2010

So, eventually the question is: how to solve the problem?

Thank you, concatinating the root certificate to the intermediate one did the trick.