Results 1 to 8 of 8

Thread: StartSSL Free SSL Certificate + Zimbra

  1. #1
    Join Date
    Aug 2009
    Posts
    7
    Rep Power
    6

    Default StartSSL Free SSL Certificate + Zimbra

    Hi,

    I was just wondering if anyone had any experience with the free non-selfsigned StartSSL certificates from StartSSLâ„¢ Certificates & Public Key Infrastructure.

    Can they be easily be loaded into zimbra and how does it work?

    Thanks,
    Deniz

  2. #2
    Join Date
    Oct 2009
    Posts
    14
    Rep Power
    6

    Default

    I was able to import it, but despite the import procedure went fine it looks like the certificate is not working correctly, and SSL services aren't started.

  3. #3
    Join Date
    Jul 2009
    Posts
    4
    Rep Power
    6

  4. #4
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    8

    Default

    I've never been able to get the basic StartSSL cert to work with Zimbra. I don't know if it's me, or if it's StartSSL, but I get the following message when installing it via the CLI:

    Code:
    XXXXX ERROR: Unmatching certificate (/tmp/ssl.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    XXXXX ERROR: provided cert isn't valid.
    And the following message when installing it via the admin console:

    Code:
    Message: invalid request: missing required attribute: server Error code: service.INVALID_REQUEST Method: GetCertRequest Details:soap:Sender
    As far as I know, I'm doing everything correct. I generated a new certificate signing request via the admin console, give the CSR to StartSSL (which they like), and they generate a certificate for me.

    My hunch is that the problem lies with the way my Zimbra server is named. The server itself is named friendlyname.ourdomain.com, but the certificate needs to be for mail.ourdomain.com.

    When generating the CSR, I specify "mail.ourdomain.com" as the common name. Should it be a Subject Alternative Name instead....or both?

    Or, perhaps, it is a StartSSL problem as "All content of the certificate signing request is ignored except its public key."?

    We used to use ipsCA certs and never had an issue (until their CA cert expired)...

  5. #5
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    5

    Default

    Works fine for me, but remember to remove the pass phrase from the cert before installing or you'll have problems

  6. #6
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    8

    Default

    If you use the Zimbra generated CSR, there shouldn't be a password??

  7. #7
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    5

    Default

    I must not have used the Zimbra CSR then

  8. #8
    Join Date
    Apr 2008
    Location
    Dubai, UAE
    Posts
    30
    Rep Power
    7

    Default

    My hunch is that the problem lies with the way my Zimbra server is named. The server itself is named friendlyname.ourdomain.com, but the certificate needs to be for mail.ourdomain.com.

    When generating the CSR, I specify "mail.ourdomain.com" as the common name. Should it be a Subject Alternative Name instead....or both?
    No idea if that's the problem, but if you need to support multiple hostnames in the same certificate you need a class 2 cert ($49) not their free class 1 cert.

Similar Threads

  1. Zimbra spam system
    By rajahd in forum Administrators
    Replies: 9
    Last Post: 04-16-2008, 08:25 PM
  2. /tmp filling
    By Nutz in forum Administrators
    Replies: 8
    Last Post: 02-22-2008, 02:00 AM
  3. Replies: 8
    Last Post: 02-27-2007, 04:10 AM
  4. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM
  5. Unable to start tomcat
    By chanck in forum Administrators
    Replies: 11
    Last Post: 06-11-2006, 01:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •