Results 1 to 9 of 9

Thread: [SOLVED] CACert

  1. #1
    Join Date
    Jul 2007
    Location
    Brazil
    Posts
    55
    Rep Power
    8

    Unhappy [SOLVED] CACert

    Hi,

    I am trying to use the instructions on the "CACert SSL Certificate Procedure"
    on zimbra wiki "Commercial_Certificates"

    My keystore password is "zimbra".

    [zimbra@mailhost certs]$ zmlocalconfig -s tomcat_keystore_password
    tomcat_keystore_password = zimbra

    But I have this error when I try to import the root certificate.

    [zimbra@mailhost certs]$ keytool -import -alias cacertclass1ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file root.crt
    Enter keystore password: zimbra
    keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
    [zimbra@mailhost certs]$

    Whatīs wrong?

    Best regards,
    Bibo

  2. #2
    Join Date
    Jul 2007
    Location
    Brazil
    Posts
    55
    Rep Power
    8

    Default

    I forgot to send the URL
    Commercial Certificates - ZimbraWiki

    Best Regards,
    Bibo

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    In this command:

    Code:
    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    Did you modify the 'changeit' to your password 'zimbra'? If that's what you did then do it again and type the command completely as you see it, the word 'changeit' should not be changed.

    You should also check the permissions are correct on:

    Code:
    chmod 644 /opt/zimbra/java/jre/lib/security/cacerts
    Last edited by phoenix; 10-02-2007 at 05:15 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    Join Date
    Jul 2007
    Location
    Brazil
    Posts
    55
    Rep Power
    8

    Default

    Ops,

    I didnīt change 'changeit'. I did copy and paste.
    How do I change the password again?
    I tried this command below but didnīt work.

    $ keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass zimbra
    keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

    If I repeat the wrong command I have:
    $ keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    keytool error: java.lang.Exception: Alias <my_ca> does not exist

    How do I fix this?

    Best regards,
    Bibo


    Quote Originally Posted by phoenix View Post
    In this command:

    Code:
    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    Did you modify the 'changeit' to your password 'zimbra'? If that's what you did then do it again and type the command completely as you see it, the word 'changeit' should not be changed.

    You should also check the permissions are correct on:

    Code:
    chmod 644 /opt/zimbra/java/jre/lib/security/cacerts

  5. #5
    Join Date
    Jul 2007
    Location
    Brazil
    Posts
    55
    Rep Power
    8

    Default

    Hi,

    I read a article that said Tomcat uses a default password of "changeit".
    Is it true?
    If this is true than I donīt need to change the password. Right?

    Best Regards,
    Bibo

    PS: My permission on /opt/zimbra/java/jre/lib/security/cacerts is 744

  6. #6
    Join Date
    Jul 2007
    Location
    Brazil
    Posts
    55
    Rep Power
    8

    Default

    Hi,

    I used the password 'changeit' for below commands and it is work

    $ keytool -import -alias cacertclass1ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file root.crt
    $ keytool -import -alias cacertclass3ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file class3.crt

    Thanks,
    Bibo

  7. #7
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    all good? (ie: can I mark this as solved?)

  8. #8
    Join Date
    Jul 2007
    Location
    Brazil
    Posts
    55
    Rep Power
    8

    Default

    Sure.

    How could I make this as solved?

    []īs,
    Bibo

    Quote Originally Posted by mmorse View Post
    all good? (ie: can I mark this as solved?)

  9. #9
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    thread tools dropdown > marked as solved -but I can do it for you as well

    ----
    Though I hope we're not having some sort of language miscommunication, I took your post to be cheerful/you fixed all of your problem:
    Quote Originally Posted by bibo
    and it is work
    -I'll wait till you've replied if you fixed your entire problem or not

    ----
    update: bibo added the [Solved] tag himself
    Last edited by mmorse; 10-03-2007 at 01:13 PM.

Similar Threads

  1. Using CACert as a CA in Zimbra
    By lfarkas in forum Administrators
    Replies: 1
    Last Post: 04-24-2006, 11:17 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •