Hi,

I have been trying for a few days now to get commercial certificates to work properly with Zimbra 5 RC2. I must be going wrong somewhere, though I have been following the instructions here to the letter.

This is the process I have used:

1. Create the keystore
keytool -genkey -alias jetty -keyalg RSA -keystore /opt/zimbra/ssl/ssl/commercial.keystore

2. keytool -certreq -keyalg RSA -alias jetty -file /opt/zimbra/ssl/ssl/commercial.csr -keystore /opt/zimbra/ssl/ssl/commercial.keystore
At this step, am I correct in thinking the certificate request must have an alias of "jetty" rather than "tomcat"? (it says tomcat in the wiki).

3. Sent the contents of commercial.csr to DigiCert and got three certificates back:
  • TrustedRoot.crt
  • DigiCertCA.crt
  • star_mydomain_org.crt
Are there any known issues with *.mydomain.com certificates?

4. Installed the certificates into the keystore in the order listed above. Everything went fine. Got the correct responses and "Certificate reply was installed in keystore".

5. Copied the keystore to /opt/zimbra/jetty/etc/keystore. I did change the permissions appropriately.

6. Restart Zimbra (zmcontrol start;zmcontrol stop). When I do so, and go to the web client, I get a page not found!
Replacing the keystore with a backup of the old one, and then restarting Zimbra fixes this problem.

Any ideas?

Many thanks,
Gary