Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: GoDaddy Certs in ZCS 6.0.1

  1. #1
    Join Date
    Sep 2009
    Posts
    1
    Rep Power
    6

    Unhappy GoDaddy Certs in ZCS 6.0.1

    good day!

    has anyone tried to install a go-daddy signed commercial cert in zcs6?

    whenever i try to do this, all checks go ok (ca-chain and cert + key), however when i restart the system (zmcontrol stop, zmcontrol start) all communication with the system is denied.

    when i try to change modes with zmtlsctl i get the following error message:

    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)
    Setting tls mode to http
    Updating /opt/zimbra/mailboxd/etc/jetty.xml.in...done.
    Updating /opt/zimbra/mailboxd/etc/service.web.xml.in...done.
    Updating /opt/zimbra/jetty/etc/zimbra.web.xml.in...done.
    Updating /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in...done.
    Updating PROTOCOL MODE in /opt/zimbra/mailboxd/etc/zimbra.web.xml.in...done.
    Updating /opt/zimbra/mailboxd/etc/jetty.xml.in...done.
    Updating /opt/zimbra/cyrus-sasl/etc/saslauthd.conf.in...done.
    Rewriting config files for cyrus-sasl, webxml and mailboxd...failed.


    all help is welcome :-)

    greetings

    michael

  2. #2
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    Please keep us updated on this. My 5.0.18 has a GoDaddy cert and I am looking forward to upgrading to 6.0.1 (or 6.0.2 if available) in the upcoming weeks.

    Also, good luck.

  3. #3
    Join Date
    Apr 2008
    Posts
    17
    Rep Power
    7

    Default

    I just installed a GoDaddy commercial cert on 6.0.1 tonight. Seems to be working just fine, however, you cannot generate the CSR from Zimbra's Admin Console because GoDaddy apparently requires >= 2048-bit CSRs now, and the console only generates 1024-bit CSRs. You have to do it from the command line and use the "-keysize 2048" option.

    So basically, generate your CSR like this (as the "zimbra" account):

    sudo zmcertmgr createcsr comm -keysize 2048 -new "/C=US/ST=Texas/L=Austin/O=Blah Blah Blah/CN=whatever.company.com" -subjectAltNames "whatever.company.com"

    Once you have your actual cert from GoDaddy, you can install that from the Admin Console, you don't have to use command line for that part. Use gd-bundle.crt (it'll come inside your cert's zip file) as your intermediate cert, and gd-class2-root.crt (you can download that from GoDaddy's website) as your CA cert when the Admin Console asks for them.

  4. #4
    Join Date
    Dec 2005
    Location
    Dallas
    Posts
    32
    Rep Power
    9

    Default Glad I found this.

    Our upgrade from 5.0.13 to 6.0.1 was marred by problems with the cert. After I had support working on it Sunday night, I still had to change to non self signed certs and had this same problem.

    Your solution worked! However, I didn't read the part about which .crt to load where but since I had downloaded certs for Tomcat instead of Apache I had plenty!!


    Thanks so much.

  5. #5
    Join Date
    Jul 2009
    Posts
    11
    Rep Power
    6

    Default

    I haven't had any problems with my GoDaddy cert after upgrading from 5.0.18 -> 6.0.0 -> 6.0.1. My stats still aren't working properly, but that's another story.

    Unrelated, I also had a problem with ISPconfig 3 and the GD 2048 requirement. In that case I just edited a PHP file that's responsible for the cert creation and changed it to 2048.

  6. #6
    Join Date
    Oct 2009
    Location
    Toronto
    Posts
    8
    Rep Power
    6

    Default

    Hello There ... could you please tell us which PHP file you are referring?

  7. #7
    Join Date
    Aug 2007
    Location
    Hyderabad, India
    Posts
    96
    Rep Power
    8

    Default I am facing the same problem

    Hi,

    I am also facing the same problem. I generated csr in the same way mentioned. When I copy this in godaddy it still says that csr should be greater than 2048 ... I generated csr with multiple options like 3000 and 4000 nothing worked when pasted in godaddy. Please help me

  8. #8
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    You might want to change the value of 1024 in zmcertmgr script. I faced same issue.For me -keysize 2048 didnt work so i modified the tool and changed back after generating CSR

  9. #9
    Join Date
    Aug 2007
    Location
    Hyderabad, India
    Posts
    96
    Rep Power
    8

    Default The change in the complete script

    Hi,

    Should the change be made in all the funstions of create csr (), create key () .. etc

    Or the change has to be made only in create csr() ?

  10. #10
    Join Date
    Jun 2008
    Posts
    594
    Rep Power
    8

    Default

    Change needs to be made at 2 places in /opt/zimbr/bin/zmcertmgr script. Search for 1024 and replace to 2048 .. create CSR and change back to original 1024 values.

Similar Threads

  1. Trouble Sending mail - All Messages deferred!
    By SiteDiscovery in forum Administrators
    Replies: 7
    Last Post: 09-03-2009, 05:52 AM
  2. Mail is being queued, not delivered!
    By icepick94 in forum Administrators
    Replies: 12
    Last Post: 01-22-2009, 07:03 AM
  3. [SOLVED] GoDaddy certs on 5.0.6
    By ScottChapman in forum Administrators
    Replies: 34
    Last Post: 09-30-2008, 09:02 AM
  4. ZCS 3.2 Beta Available
    By KevinH in forum Announcements
    Replies: 31
    Last Post: 07-07-2006, 04:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •