Results 1 to 2 of 2

Thread: [SOLVED] Why is installing an SSL cert so hard in 6.0.6?

Hybrid View

  1. #1
    Join Date
    Aug 2009
    Posts
    19
    Rep Power
    6

    Default [SOLVED] Why is installing an SSL cert so hard in 6.0.6?

    Release 6.0.6_GA_2330.UBUNTU8 UBUNTU8 FOSS edition.

    I have been trying for days now to install a commercial SSL cert. I have followed directions from the manual and all over the web. Nothing works.

    For example, these instructions: Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    Code:
    root@zimbra:~/ssl/comodo# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt commercial_ca.crt 
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    root@zimbra:~/ssl/comodo# /opt/zimbra/bin/zmcertmgr deploycrt comm ./commercial.crt ./commercial_ca.crt 
    ** Verifying ./commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (./commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: ./commercial.crt: OK
    ** Copying ./commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain ./commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    This is the first time I got through this without the zimbraSSLPrivateKey failing.

    Then I go to restart and I get the following:
    Code:
    	Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    	Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
    zimbra logger service is not enabled!  failed.
    
    
    	Starting mailbox...Done.
    	Starting antispam...Done.
    	Starting antivirus...Done.
    	Starting snmp...Done.
    	Starting spell...Done.
    	Starting mta...Done.
    	Starting stats...Done.
    When I go and list the cacerts from the java keytool, the information is already there.

    Code:
    zmcontrol status
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Host zimbra.domain.com
    	antispam                Running
    	antivirus               Running
    	ldap                    Running
    	logger                  Stopped
    		zmlogswatchctl is not running
    	mailbox                 Stopped
    		zmmailboxdctl is not running.
    	mta                     Running
    	snmp                    Running
    	spell                   Running
    	stats                   Running
    How do you install a commercial certificate? Is it possible? Which instructions should I use? Is there a link? This is very frustrating that this process is so difficult.

  2. #2
    Join Date
    Aug 2009
    Posts
    19
    Rep Power
    6

    Default

    I have figured it out.

    While digging and digging, a step needs to be added to add your .crt to the Java ca chain by:

    Code:
    /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt

Similar Threads

  1. [SOLVED] ZCS 6.0.6 GeoTrust SSL Cert
    By rayt_rwm in forum Administrators
    Replies: 0
    Last Post: 05-28-2010, 09:24 AM
  2. Need help installing a Godaddy SSL cert on Zimbra 6.0.6
    By redpeppers in forum Installation
    Replies: 0
    Last Post: 05-25-2010, 08:16 PM
  3. Replies: 10
    Last Post: 10-26-2009, 04:26 AM
  4. Problem installing Go Daddy, Inc. SSL Cert
    By alauppe in forum Administrators
    Replies: 1
    Last Post: 03-13-2009, 05:16 AM
  5. Question installing commercial SSL cert
    By jigi in forum Administrators
    Replies: 0
    Last Post: 02-13-2006, 12:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •