Results 1 to 7 of 7

Thread: Zimbra CS RC2 Commercial Certificate

  1. #1
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default Zimbra CS RC2 Commercial Certificate

    Hi,

    I have been trying for a few days now to get commercial certificates to work properly with Zimbra 5 RC2. I must be going wrong somewhere, though I have been following the instructions here to the letter.

    This is the process I have used:

    1. Create the keystore
    keytool -genkey -alias jetty -keyalg RSA -keystore /opt/zimbra/ssl/ssl/commercial.keystore

    2. keytool -certreq -keyalg RSA -alias jetty -file /opt/zimbra/ssl/ssl/commercial.csr -keystore /opt/zimbra/ssl/ssl/commercial.keystore
    At this step, am I correct in thinking the certificate request must have an alias of "jetty" rather than "tomcat"? (it says tomcat in the wiki).

    3. Sent the contents of commercial.csr to DigiCert and got three certificates back:
    • TrustedRoot.crt
    • DigiCertCA.crt
    • star_mydomain_org.crt
    Are there any known issues with *.mydomain.com certificates?

    4. Installed the certificates into the keystore in the order listed above. Everything went fine. Got the correct responses and "Certificate reply was installed in keystore".

    5. Copied the keystore to /opt/zimbra/jetty/etc/keystore. I did change the permissions appropriatly.

    6. Restart Zimbra (zmcontrol start;zmcontrol stop). When I do so, and go to the web client, I get a page not found!
    Replacing the keystore with a backup of the old one, and then restarting Zimbra fixes this problem.

    Any ideas?

    Many thanks,
    Gary

  2. #2
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default

    Another worthwhile piece of information is that this certificate was generated for tomcat servers. I have not seen an option to generate for Jetty, does this make a difference?

    Please, if anybody has any ideas, this is quite important as it is for one of our dedicated server clients.

    Thanks.

  3. #3
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    From the way you have written your instructions that you tried I am going to assume that you are using a 5.0 RC2 build? If not please clarify (you might want to put the output of zmcontrol -v into your profile)

    Anyway you might want to try a crazy thing and use the built in wizard that is provided for this sort of situation
    If you are using 5.0RC2 it should be already installed. If so you will have a Certificates area in your tools section of the admin interface. Click on it and then click on Install certificate. The rest of the procedure you should be able to figure out.

  4. #4
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default

    Hi ArcanMagus,

    Absolutely spot on mate. Never even knew there was such a wizard! If only they had put that in the commercial certificate documentation! :P

    Everything seems to be working now. I will try to use this for my future certificates. If I am using an older version 4.5.9/10 do you know if this wizard is installed by default? If not, is there a guide knocking around that you know about off the top of your head for installing it?

    Many many thanks!

    Gary

  5. #5
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    I believe the admin extension relies on 5.0 only admin console changes.
    -I have updated the notes at the top of both Commercial Certificates - Zimbra :: Wiki & SSL Certificate Problems - Zimbra :: Wiki
    Last edited by mmorse; 12-05-2007 at 02:56 PM.

  6. #6
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default

    Ok, thats great! I'm sure those updates will come in handy to anybody reading them properly. I haven't had too many issues with installing certificates in the earlier versions, but having that certificate tool cut the time right down. Many thanks once more!

    Regards,
    Gary

  7. #7
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default Follow up thread

    I have posted a follow up to this thread that concerns integrating certificates. I think if this issue is solved, it would make a good addition to the certificate instructions:

    Thread is here

Similar Threads

  1. [SOLVED] Spam Being Sent Thru Server - Help Needed!
    By msf004 in forum Administrators
    Replies: 22
    Last Post: 03-15-2008, 12:11 AM
  2. Replies: 31
    Last Post: 12-15-2007, 09:05 PM
  3. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 04:48 PM
  4. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 07:47 AM
  5. Monitoring : Data not yet avalaible
    By s3nz3x in forum Installation
    Replies: 7
    Last Post: 11-30-2005, 07:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •