Results 1 to 2 of 2

Thread: [SOLVED] unable to upgrade a test commercial ssl cert

  1. #1
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default [SOLVED] unable to upgrade a test commercial ssl cert

    i have installed a fressl cert, it's near to expire, i bought the definitive one but during installing the new one i get:

    Code:
    sudo zmcertmgr deploycrt comm /opt/zimbra/log/freessl/commercial.crt /opt/zimbra/log/freessl/commercial_ca.crt
    ** Verifying /opt/zimbra/log/freessl/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/log/freessl/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/log/freessl/commercial.crt: OK
    ** Copying /opt/zimbra/log/freessl/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /opt/zimbra/log/freessl/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.
    
    XXXXX ERROR: failed to create jetty.pkcs12
    No certificate matches private key

    i am unable to find anything in the wiki regarding:
    renew commercial certs in 5.0.x

    i find in the wiki the suggestion:
    chmod 644 /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/
    i did it but nothing happened

    any help will be very apreciated
    Last edited by maumar; 08-21-2008 at 04:56 PM.

  2. #2
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default how i solved my issue

    at last, i was able to install rapid ssl cert ; the issue was:
    the last char in commercial.crt should be a carriage return!

    otherwise, after concat of commercial.crt with commercial_ca.crt
    you get:
    Code:
    -----END CERTIFICATE----------BEGIN CERTIFICATE-----
    i think it's not a good practice to concatenate 2 text files without testing if last char in first file is a cr; zmcertmgr should check for it and :
    1. exit with a warn message asking user to adding it
    2. add a cr to end of commercial.crt and go on with concatenation

    i think it is worthwhile to open a bug in bugzilla, i'll do

    m.
    Last edited by maumar; 08-21-2008 at 05:07 PM.

Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 01:51 AM
  2. Replies: 23
    Last Post: 05-06-2008, 02:24 PM
  3. Replies: 2
    Last Post: 03-25-2007, 09:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •