Thread: Commercial cert : where to store passphrase ? SMTP related

  1. #1

    Hello,

    I'm trying to get secure SMTP to work on Zimbra 5.0.13 with a GeoTrust commercial cert.
    With the default self-signed cert:

    Code:
    220 testserver.mydomain.com ESMTP Postfix
    ehlo xyz
    250-testserver.mydomain.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    starttls
    220 Ready to start TLS

    After installing the commercial cert (following Administration_Console_and_CLI_Certificate_Tools):

    Code:
    220 testserver.mydomain.com ESMTP Postfix
    ehlo xyz
    250-testserver.mydomain.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    starttls
    454 4.3.0 TLS not available due to local problem

    From zimbra.log, I see that there's a problem getting the password for the private key:

    Code:
    Aug  4 23:11:17 testserver postfix/smtpd[10653]: warning: cannot get private key from file /opt/zimbra/conf/smtpd.key
    Aug  4 23:11:17 testserver postfix/smtpd[10653]: warning: TLS library problem: 10653:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:105:
    Aug  4 23:11:17 testserver postfix/smtpd[10653]: warning: TLS library problem: 10653:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:403:
    Aug  4 23:11:17 testserver postfix/smtpd[10653]: warning: TLS library problem: 10653:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
    Aug  4 23:11:17 testserver postfix/smtpd[10653]: cannot load RSA certificate and key data

    My question is:
    How do I store the PEM passphrase for my GeoTrust certificate (which is the same for the private key) in Zimbra?

    I'm also getting a request when starting Zimbra:

    Code:
    zimbra@testserver:~$ zmcontrol start
    Host testserver.mydomain.com
    	Starting ldap...Enter PEM pass phrase:
    Done.

    I tried to remove the passphrase from the commercial.key file (openssl rsa -in commercial.key -out new.key, then rename the key and redeploy). STARTTLS works, but my certificate is not viewed as a valid one anymore.

    Thanks for your help.

    Ben
    Last edited by breverend; 08-04-2009 at 11:02 AM.

  2. #2

    No one uses a commercial cert with a passphrase?

  3. #3

    Sorry to kick an old thread, bad protocol.

    I just installed a commercial cert, and I have the same issue. I have to manually start Zimbra after a reboot to type in the passphrase.

    Gerald

    Code:
    zimbra@mail:~$ zmcontrol start
    Host mail.norscan.com
    	Starting ldap...Enter PEM pass phrase:
    Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    	Starting logger...Done.
    	Starting convertd...Done.
    	Starting mailbox...Done.
    	Starting antispam...Done.
    	Starting antivirus...Done.
    	Starting snmp...Done.
    	Starting spell...Done.
    	Starting mta...Done.
    	Starting stats...Done.

  4. #4

    Guess you have to remove the passphrase.

  5. #5

    Removing a passphrase from an SSL Key

    Remove the passphrase, and put the new key in your zimbra directory.
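
As an added example (not part of the thread and not Zimbra's own tooling), the shell functions below cover the checks around the advice to remove the passphrase: detect whether a PEM key is still encrypted, write the unencrypted copy with owner-only permissions, and confirm that it still matches the certificate. The function names and the three path arguments are assumptions; the `openssl rsa` call is the one quoted in the first post, and the modulus comparison assumes an RSA key.

```shell
#!/bin/sh
# Added example; function names and argument paths are hypothetical.

# 0 if the PEM key is passphrase-protected: the traditional format carries a
# "Proc-Type: 4,ENCRYPTED" header, PKCS#8 uses an ENCRYPTED PRIVATE KEY label.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# 0 if group and others have no permission bits (e.g. -rw-------).
key_is_private() {
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Decrypt the RSA key (openssl prompts for the passphrase); umask 077 keeps
# the plaintext copy owner-only from the moment it is created.
strip_passphrase() {
    ( umask 077 && openssl rsa -in "$1" -out "$2" )
}

# 0 if the RSA key and the certificate carry the same modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: harden_key <source.key> <cert.pem> <out.key>
harden_key() {
    if key_is_encrypted "$1"; then
        strip_passphrase "$1" "$3" || return 1
    else
        ( umask 077 && cp "$1" "$3" ) || return 1
    fi
    key_is_private "$3" || chmod 600 "$3" || return 1
    key_matches_cert "$3" "$2" || { echo "key does not match certificate" >&2; return 1; }
    echo "ok: $3 is unencrypted, owner-only, and matches $2"
}

if [ "$#" -eq 3 ]; then harden_key "$@"; fi
```

Once the passphrase is gone, file ownership and mode are the only protection on the key, so the output file should belong to the account that runs the mail services before it is deployed.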
