Hola,

las herramientas que ofrece zimbra por consola para colocar o reinstalar certificados son muy utiles y simples de usar, pero he tenido un problema seria al intentar desplegar un certificado de 2048 bit que compre en thawte y lo mismo me paso el año pasado , pero esa vez fue con un certificado comprado en godaddy cree el *.scr con openssl de esta manera

0) Make a working directory and work out of it, FOR example.
mkdir /root/zimbra_cert

1) Generate a key ( has to have a password initially ?? )
openssl genrsa -des3 -out zimbra_password.key 2048

2) remove the password from key file ( use password set in step 1 above )
openssl rsa -in zimbra_password.key -out zimbra.key

3) generate CSR ( make sure CN is correct for application etc)
openssl req -new -key zimbra.key -out zimbra.csr

4) view and verify CSR values, this is optional step.
openssl req -noout -text -in zimbra.csr

5) copy & paste contents of zimbra.csr to godaddy as needed.

6) download domain_certificate.zip from godaddy as needed.

7) unzip file should be 2 files www.domain.com.crt and gd_bundle.crt

8) make copy of www.domain.com.crt to commercial.crt to make things clean.
cp www.domain.com.crt commercial.crt

10) copy new key to zimbra path, MAY want to backup current key first.
cp zimbra.key /opt/zimbra/ssl/zimbra/commercial/commercial.key

11) verify crt from working dir or fix the paths below.
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt gd_bundle.crt

12) if verify step above is okay, deploy certificate.
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt gd_bundle.crt

esto lo encontre en un foro de la misma pagina y todo funciono bien hasta me salio este rsultado ...

[root@correo2 commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt commercial_ca.crt
** Verifying commercial.crt against commercial.key
Certificate (commercial.crt) and private key (commercial.key) match.
Valid Certificate: commercial.crt: OK
[root@correo2 commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: `commercial.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are the same file
** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: `commercial_ca.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are the same file
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done
todo parecia estar bien hasta que reinicie el zimbra y me salio esto ...

Host correo2.goodhope.org.pe
Starting ldap...Done.
FAILED
Failed to start slapd. Attempting debug start to determine error.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
main: TLS init def ctx failed: -1

la verdad no se que es lo que se traen todo esto ... pero ahora me pone en apuros ... como se soluciona esto ... agradecere cualquier sugerencia ... gracias