Results 1 to 3 of 3

Thread: ssl on 3.0.1_GA_160_SuSE10

Hybrid View

  1. #1
    Join Date
    Mar 2006
    Posts
    67
    Rep Power
    9

    Default ssl on 3.0.1_GA_160_SuSE10

    I done several clean installs on suse 10 trying to find a way to work with ssl certs.

    I've tried the many ideas in the forums to at least remove the current default certs and create a new set with zmcreatecert anc zmcreateca. Here is what I get:

    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

    are successfully used.

    Then in /opt/zimbra:

    mv ssl ssl.back
    mkdir ssl
    chown zimbra:zimbra ssl

    Then:

    ** Creating CA private key

    Generating a 1024 bit RSA private key
    ................................++++++
    ............++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
    -----
    ** Creating CA cert

    Signature ok
    subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=servername
    Getting Private key
    unable to write 'random state'

    Then

    zmcreatecert

    ** Importing CA

    Certificate was added to keystore
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    .............++++++
    ..................++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    Serial Number: 3 (0x3)
    Validity
    Not Before: Apr 3 21:24:08 2006 GMT
    Not After : Apr 3 21:24:08 2007 GMT
    Subject:


    stuff

    Certificate is to be certified until Apr 3 21:24:08 2007 GMT (365 days)

    Write out database with 1 new entries
    Data Base Updated
    unable to write 'random state'
    Signature ok
    subject=stuff
    Getting CA Private Key
    unable to write 'random state'

    then

    zmcertinstall mailbox
    ** Importing server cert

    keytool error: java.lang.Exception: Public keys in reply and keystore don't match


    zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key
    ** Importing server cert

    hmmm. now what?

  2. #2
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    Just to be clear does the default self signed certs not work for you? Are you trying to add a commercial cert or self signed cert after the fact?
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3
    Join Date
    Mar 2006
    Posts
    67
    Rep Power
    9

    Default

    Quote Originally Posted by KevinH
    Just to be clear does the default self signed certs not work for you? Are you trying to add a commercial cert or self signed cert after the fact?

    I am in the process of intalling a real cert, but I'm trying to install s self signed cert to make sure I can get back to having some kind of cert. I have logged back into the system after making the self signed cert (stopping then starting zimbra) and https seems to be working. I don't know why there are errors but it still seems to work.

    The next phase was to try to install real certs.

Similar Threads

  1. Installing commercial ssl on zimbra cs (network ed.)
    By keithop in forum Administrators
    Replies: 4
    Last Post: 04-28-2009, 04:16 PM
  2. Certificate Change Kicks Moto Q off of SSL Synch
    By theasbcguy in forum Zimbra Mobile
    Replies: 3
    Last Post: 04-14-2008, 12:01 PM
  3. Disable SSL on the Admin Port 7071
    By rasputin in forum Installation
    Replies: 2
    Last Post: 04-06-2008, 03:29 AM
  4. Help with tomcat ssl errors...
    By sgtstadanko in forum Administrators
    Replies: 4
    Last Post: 03-19-2007, 09:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •