We recently purchased a 1-2-3 SSL certificate from Thawte. The license came in a file named "cert.cer" and is in a pkcs7 format. After following the tutorial on the Zimbra Wiki on how to install a commercial cert for Postfix we ran into problems...
The "cer"-file is not accepted by Postfix at all. The key file was extracted successfully using the methods described in the Wiki post, but smtpd refuses to use TLS.
When telneting and using starttls the logs say:
Code:
warning: cannot get certificate from file /opt/zimbra/conf/smtpd.crt
warning: TLS library problem: 17864:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1296:
warning: TLS library problem: 17864:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_CINF:
...
cannot load RSA certificate and key data
...which of course is A Bad Thing. I am suspecting this is more of an OpenSSL thing but I still wanted to check in with you guys to see if there's someone out there who's already gone through this kind of issue.
I came across
http://www.openssl.org/docs/apps/pkcs7.html which describes how-to convert pkcs7 into DER from PEM, but as my ".cer" already is plain/text I'm thinking this is irrelevant...
Anyone?
Bugzilla
Wiki
Source
SSL certificate format problems 
Linear Mode
