Results 1 to 3 of 3

Thread: Certificate from company CA

  1. #1
    Join Date
    Mar 2006
    Location
    Czech Republic
    Posts
    81
    Rep Power
    9

    Default Certificate from company CA

    Currently I am testing 5.0.4 GA on CentOS 4.6 while my production install is 4.5.4. I want to go with certificate issued by our company CA which is Microsoft Certification Services. (it works greate at 4.5.4). I create CSR. submit into CA, get certificate. However, when I try to install certificate and the root certificate via Admin extension certificate tool I am always getting this:

    Your certificate was not installed due to error : system failure: XXXXX
    ERROR: Unmatching certificate
    (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.

    Of course that our company CA is not trusted but I do not know if this is the reason. I have read a lot of posts here and in the wiki but could not find a solution that fits my case. Anyone to help me?

  2. #2
    Join Date
    Mar 2006
    Location
    Czech Republic
    Posts
    81
    Rep Power
    9

    Default Solved

    It is solved however I am not quite sure I can reproduce the whole solution. I made at least 3 mistakes I know about:

    1. It is necessary to choose Base64 encoding when downloading certificate from Microsoft CA.

    2. The template used to create cert has to be Web Server (IPSec does not work for that, but I am not sure if Administrator template would work)

    3. There was a really nasty problem caused by system clock on the mailserver that was more than one hour late of the clock on the certificate server (DST time change did not work well). Thus certificate could not be installed because it was not yet valid by one hour!

  3. #3
    Join Date
    Apr 2008
    Location
    Gainesville, FL
    Posts
    32
    Rep Power
    7

    Default

    Just wanted to thank you for posting this. You were spot-on with the Base 64 encoding requirement, as I spent a good 20-30 minutes wondering why DER encoding wasn't working! I also had to make sure I removed the Intermediate CA field (as it didn't exactly apply). I only used the Root CA & [server] certificate fields when importing Microsoft CA-generated certificates. I'm currently running Release 5.0.4_GA_2101.UBUNTU6 UBUNTU6 FOSS edition on a VMWare server (again on Ubuntut 6.06LTS).

    Thanks for your help!

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Certificate fun...
    By TommyTheKid in forum Administrators
    Replies: 2
    Last Post: 02-12-2008, 04:32 PM
  3. Self-Signed SSL Certificate Causing Crash
    By VxJasonxV in forum Administrators
    Replies: 1
    Last Post: 12-06-2007, 12:24 PM
  4. Replies: 1
    Last Post: 11-05-2007, 05:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •