Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Installing an existing commercial wildcard SSL certificate

  1. #11
    Join Date
    Jan 2010
    Posts
    161
    Rep Power
    5

    Default

    Quote Originally Posted by kingark View Post
    No we never got it to work, we ended up moving to a hosted Zimbra solution (not for the reason of the cert) and they put the certificate on the shared installation.
    Ouch.. thats out of the question for me.. I created a zimbra support ticket. This *has* to work for us. All I really care about.. I have also opened a ticket with globalsign.

  2. #12
    Join Date
    Feb 2010
    Posts
    13
    Rep Power
    5

    Default

    Part of my issue what that my CA was not trusted, so I had to added to the trusted CAs. I honestly had a number of issues and I ended up using a support call to get it fixed. I also think I needed to get an additional intermediate cert from my CA and add it to one of my cert files.

    I used a support call to get it resolved the first time. However I migrated my server from a could VM to a local VM box earlier this year and reinstallation of the cert went fine. I just know that if it messes up anywhere in the process, it's easier to start over.

    Globalsign would be part of the default trusted CAs, but you could add your root ca cert t be safe.

  3. #13
    Join Date
    Jan 2010
    Posts
    161
    Rep Power
    5

    Default

    Okay, I was able to get this to work by creating a new ca_bundle.. I had globalsign send me my intermediate, and then downloaded their root and stitched them together. Now I am getting:

    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt root_bundle.crt
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK

    yay.

    Next is deployment. I have 6 zimbra servers to deploy to, so I am somewhat reticent about deploying. Im afraid some things wont restart with the new cert installed.. Do I need to install to all servers at once?

    (I have 2 ldap servers, 2 stores, 1 archive store, and a proxy to support 4200 corporate mailboxes - not to mention the 2 external and 2 internal sendmail mtas and ldap servers.. If that sounds like overkill - it is.)

    -

  4. #14
    Join Date
    Feb 2010
    Posts
    13
    Rep Power
    5

    Default

    That's exactly what I had to do. Glad that worked out. Can't help you with the other part though. I'm a small network admin. We have mailboxes<50.
    Last edited by ExcitedByNoise; 12-16-2010 at 06:18 AM. Reason: typo

  5. #15
    Join Date
    Jun 2012
    Posts
    3
    Rep Power
    0

    Default

    Installing ssl certificate on different server machines always cause the csr and private key mismatch error. You need to reissue or re-key ssl certificate from the supplier.

    Option 1:

    1. Export / backup ssl (include all key files) from first server. PN:
    2. Import / restore ssl on next server.

    This does not work for all server types but for Microsoft IIS it works perfect.

    Option2:

    1. Generate new CSR and Private key from your server
    2. Contact ssl vendor for reissue process. If you have purchased GeoTrust SSL from SSLmatrix.com you can ask support to get automated reissue process url.
    3. Use new csr key and get the cert reissued.

    PN: reissue process is free cost and does not need any fees. If your provider ask for reissue fees you can ask them or contact sslmatrix.com support for the assistance to get the free ssl.

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. [SOLVED] Installing a commercial SSL certificate
    By sdrury in forum Administrators
    Replies: 4
    Last Post: 10-30-2009, 01:37 PM
  3. Replies: 10
    Last Post: 10-26-2009, 03:26 AM
  4. [SOLVED] Installing existing SSL certificates (solved)
    By inigoml in forum Administrators
    Replies: 22
    Last Post: 02-24-2009, 09:32 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •