Results 1 to 9 of 9

Thread: [SOLVED] CAcert certificate

  1. #1
    Join Date
    Jan 2010
    Location
    Austria
    Posts
    30
    Rep Power
    5

    Default [SOLVED] CAcert certificate

    hi all
    today i want import a certificate from CAcert. i make it on the web, so i generate a csr, go to CAcert and generate a certifcate. i also download the root certifcate and the intermediate certificate. then i import all 3 .crt files (commercial.crt, cacert_root.crt, cacert_intermediate.crt) on the webgui but i only get this error:
    Ihr Zertifikat konnte aufgrund eines Fehlers nicht installiert werden. : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key) pair.

    What i make wrong? i have read some artikles with godaddy cert, but it dont want work. can someone give me a tip or help?
    greetz
    franco

  2. #2
    Join Date
    Jan 2010
    Location
    Austria
    Posts
    30
    Rep Power
    5

    Default

    hi again
    i have now installed a new commercial.crt. the verifying was ok, also the deploy. but when i now start zimbra i get this errors:
    Code:
    [zimbra@SMTP ~]$ zmcontrol start
    Host smtp.network4kmu.at
    	Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    	Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
    zimbra logger service is not enabled!  failed.
    
    
    	Starting mailbox...Done.
    	Starting antispam...Done.
    	Starting antivirus...Done.
    	Starting snmp...Done.
    	Starting spell...Done.
    	Starting mta...Done.
    	Starting stats...Done.
    so i have no webgui, what can i do. what is happen now? what is not correct?
    greetz
    franco

  3. #3
    Join Date
    Sep 2008
    Location
    Latvia
    Posts
    165
    Rep Power
    7

    Default

    Did you run this:
    # /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /root/certs/commercial.crt

    This is according to this thread:
    http://www.zimbra.com/forums/adminis...rtificate.html

  4. #4
    Join Date
    Jan 2010
    Location
    Austria
    Posts
    30
    Rep Power
    5

    Default

    hi j2b
    thx for the tip, no i don't make this before. i would test it and give you answer. merci

    greetz

    franco

  5. #5
    Join Date
    Jan 2010
    Location
    Austria
    Posts
    30
    Rep Power
    5

    Default

    hi j2b,
    so i test your tip now, and what should i say? it WORKS perfectly now, cool thing. many great thx from me . and when someone can tell me how i can change the server that he only gets over https the webmail, then i am the happiest man in world

    greetz

    franco

  6. #6
    Join Date
    Sep 2008
    Location
    Latvia
    Posts
    165
    Rep Power
    7

    Default

    Welcome! Just was dealing with this item for last two days, looking for info. Regarding your other question - is this correct, what you would like to achieve - allow connections to zimbra web client only on SSL (https)? If so, what is your setup? One server / Multiserver. Do you use Zimbra proxy or other solutions or no proxy at all?

  7. #7
    Join Date
    Sep 2008
    Location
    Latvia
    Posts
    165
    Rep Power
    7

    Default

    Sorry, looking through your first post, it seems, that you have single server installation, but with no proxy server. To make my former question more specific, do you use any kind of proxy before ZCS server to access it via web client? Or you ar connecting to ZCS server directly?

  8. #8
    Join Date
    Jan 2010
    Location
    Austria
    Posts
    30
    Rep Power
    5

    Default

    hi j2b
    i use a single server with direct connection, over firewall (monowall). i want webmail only on https available. can i do that with zimbra? no i do not use a proxy server because it is a one man show

    greetz

    franco

  9. #9
    Join Date
    Jan 2010
    Location
    Austria
    Posts
    30
    Rep Power
    5

    Default

    ok i found the command, zmtlsctl redirect is what i want, many thx for great helping!

    greetz

    franco

Similar Threads

  1. [SOLVED] Certificate problem with 6.0.5
    By bibo in forum Administrators
    Replies: 5
    Last Post: 01-18-2012, 08:37 PM
  2. [SOLVED] Problem when install CAcert certificate
    By bibo in forum Administrators
    Replies: 4
    Last Post: 11-17-2008, 04:49 AM
  3. Certificate fun...
    By TommyTheKid in forum Administrators
    Replies: 2
    Last Post: 02-12-2008, 04:32 PM
  4. Replies: 1
    Last Post: 11-05-2007, 05:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •