Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 35

Thread: [SOLVED] GoDaddy certs on 5.0.6

  1. #11
    Join Date
    Aug 2007
    Location
    Hyderabad, India
    Posts
    96
    Rep Power
    8

    Default Same problem here

    Hi,

    I am using same ersion on same OS and I have 4 files from godaddy

    mydomain.crt
    sf_bundle.crt
    sf_cross_intermediate.crt
    sf_intermediate.crt

  2. #12
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    rajeshkodali, as your post is very relevant to this thread I have deleted the new thread you opened

  3. #13
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

  4. #14
    Join Date
    May 2008
    Posts
    118
    Rep Power
    7

    Default

    I just re-generated the keys for tomcat, and still no luck.

    Out of curiosity, which root CA did you use? There are two roots on their site, plus they send you a bundle in the zip with your key?

    Also in the zip are two intermediate keys (one regular and another cross). Did you use the cross?

    Can you be specific as to which keys you used?

  5. #15
    Join Date
    May 2008
    Posts
    118
    Rep Power
    7

    Default

    awesome. The workaround there worked for me (select all servers)

  6. #16
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    For those who haven't visited the bug:

    A) The easiest workaround is to specify "--- All Servers ---" as the target server when installing the commericial cert.

    B) The other way is to create the commercial_ca.crt (concantenated chain file) manually under /opt/zimbra/ssl/zimbra/commercial.

    Order of the GoDaddy chain certs for concatenation:
    * RootCA
    * gd_cross_intermediate.crt
    * gd_intermediate.crt
    * server_name.crt

  7. #17
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    8

    Default

    3) the commercail_ca.crt file is your chain cert files conactenated together
    and the commercial.crt is your server cert file.
    The error says that your cert chain is broken, please fix and try again

  8. #18
    Join Date
    May 2007
    Posts
    54
    Rep Power
    8

    Default

    Joshua, did you upgrade from a 4.x installation? Did you install your certs in 4 or in 5 originally?

  9. #19
    Join Date
    May 2007
    Posts
    54
    Rep Power
    8

    Default

    I received a zip file in my email with mydomain.crt and gd_intermediate_bundle.crt only

    I then went to GoDaddy Repository here and downloaded the gd-class2-root.crt file.

    So that's the three files that I have.

  10. #20
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Quote Originally Posted by Ramadan Mansoura View Post
    Please check the following:

    (1) current aliases in the keystore
    keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`

    (2) delete all aliases except the jetty alias following this example
    keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
    (3) verify the cert and the private key match
    /opt/zimbra/bin/zmcertmgr verifycrt comm /path/to/private_key /path/to/server_crt
    (4) verify the private_key , server_cert, and the chain
    /opt/zimbra/bin/zmcertmgr verifycrt /path/to/private_key /path/to/server_cert /path/to/chain_cert
    (4) deploy
    /opt/zimbra/bin/zmcertmgr deploycrt comm /path/to/private_key /path/to/server_cert /path/to/chain_cert
    (5) restart the zimbra services
    Please translate for us who don't know it all, Ramadan. Where are the paths to the private key, for example? That first command gives me one key (Jetty) with a private key, do I save it to a text file to compare?

    And Josh, I tried exporting as Tomcat and it blew up for me. What, specifically, did you do?
    Cheers,

    Dan

Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 01:51 AM
  2. Zimbra Hates GoDaddy
    By void in forum Administrators
    Replies: 18
    Last Post: 07-09-2009, 10:27 AM
  3. Need help installing GoDaddy certificate on ZCS 5.0.6
    By ScottChapman in forum Administrators
    Replies: 5
    Last Post: 06-10-2008, 08:22 AM
  4. Replies: 2
    Last Post: 03-25-2007, 09:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •