I have been trying for a few days now to get commercial certificates to work properly with Zimbra 5 RC2. I must be going wrong somewhere, though I have been following the instructions here to the letter.
This is the process I have used:
At this step, am I correct in thinking the certificate request must have an alias of "jetty" rather than "tomcat"? (it says tomcat in the wiki).1. Create the keystore
keytool -genkey -alias jetty -keyalg RSA -keystore /opt/zimbra/ssl/ssl/commercial.keystore
2. keytool -certreq -keyalg RSA -alias jetty -file /opt/zimbra/ssl/ssl/commercial.csr -keystore /opt/zimbra/ssl/ssl/commercial.keystore
Are there any known issues with *.mydomain.com certificates?3. Sent the contents of commercial.csr to DigiCert and got three certificates back:
Replacing the keystore with a backup of the old one, and then restarting Zimbra fixes this problem.4. Installed the certificates into the keystore in the order listed above. Everything went fine. Got the correct responses and "Certificate reply was installed in keystore".
5. Copied the keystore to /opt/zimbra/jetty/etc/keystore. I did change the permissions appropriatly.
6. Restart Zimbra (zmcontrol start;zmcontrol stop). When I do so, and go to the web client, I get a page not found!