Results 1 to 5 of 5

Thread: Integrating Intermediate Root Certificates using the Zimbra Certificate Tool

  1. #1
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default Integrating Intermediate Root Certificates using the Zimbra Certificate Tool

    Hi guys,

    Everything in this thread relates to Zimbra 5 RC2.

    This is kind of a follow up to my other thread. According to the instructions in the article here, the method for integrating root certificates is as follows:

    If your certificate is in DER format it must be converted to PEM:
    openssl x509 -out exported-pem.crt -outform pem -text -in exported.crt -inform der
    If it is already in PEM format then you simply run this command:
    cat exported-pem.crt ca_int1.crt ca_int2.crt >> my.crt
    Am I correct in assuming that when using the wizard, you would perform these steps:
    1. Generate CSR
    2. Send CSR to CA and receive reply (in my case the certificate and two intermediate ones- including a Root certificate)
    3. Intergrate the certificates on the command line
    4. Install the certificate using the wizard on the admin interface.

    This makes perfect sense to me, and I think these are helpful instructions for people new to the process.

    My problem however, is what if you miss out step 3? I happen to have done this by accident. Does anybody know what the solution is? I would really rather not re-submit another csr and have to install it again, but if that is the solution then so be it. What I am wondering is, can I simply merge the certificates now, and go straight to the install process on the wizard?

    Many thanks,
    Gary

  2. #2
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default

    does anybody have any ideas on this one? I only need a little advice to go ahead with it.

    Many thanks,
    Gary

  3. #3
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default

    For the record, I tried merging the certificates using those instructions and then I tried to use the wizard. I got the following error:


    Not really a huge surprise because it is not going to match the key if it has two other certificates inside it.

    Is there any way to install the root certificates and intermediate certificates using the wizard separately? If not, is there anyway I can add them into a keystore somewhere?

    Using certain programs and web browsers, the certificate is valid right now as it is, but it gives "the correct root certificate is not installed". Really need to fix that.

    Many thanks,
    Gary

  4. #4
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default Another update

    I am continuing to work on this issue and I have another question:

    Since my certificates are in PEM format I have decided to attempt the manual steps again. The question is, when making a PKCS12 file, how does one cater for the root and intermediate certificates?
    The instructions state:

    keytool -import -alias YOUR_CA_NAME -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -trustcacerts -file /PATH/TO/YOUR/CACERT
    Is this the same for Version 5 RC2? I have tried this without much success. I still get the error:

    "The correct root certificate is not installed"
    Any help here guys?

    Thanks

  5. #5
    Join Date
    Oct 2007
    Posts
    67
    Rep Power
    8

    Default

    Well I ended up solving this by moving to another CA that didn't need an intermediate certificate installing (GeoTrust). I would have liked to have got things working with DigiCert but it wasn't to be. I will mark this thread solved, but I guess it isn't really. It would be worthwhile in the future if you guys could work out some documentation for intermediate certificates on version 5 either with or without the wizard.

    Many thanks,
    Gary

Similar Threads

  1. Replies: 26
    Last Post: 04-19-2011, 09:24 AM
  2. Replies: 5
    Last Post: 12-04-2007, 04:40 PM
  3. [SOLVED] Not able to receive or send mail
    By joeleo in forum Installation
    Replies: 22
    Last Post: 10-12-2007, 02:25 PM
  4. Replies: 2
    Last Post: 10-04-2007, 03:20 PM
  5. FC3 Install and no zimbra ?
    By aws in forum Installation
    Replies: 10
    Last Post: 10-09-2005, 04:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •