I'm running Zimbra OpenSource Edition 6.0.7 and my commercially signed certificate is about to expire in 2 days. I ordered a new certificate, this time a wildcard certificate as we also have other servers using ssl in the same domain.
I copied the private key file (commercial.key) to the appropriate location /opt/zimbra/ssl/zimbra/commercial, changed the owner to zimbra.zimbra and made sure, the permissions are -rw-------. The certificate and the root certificate including the chain are located in /root/certs/commercial.crt and /root/certs/commercial_ca.crt respectively. I followed the following howto:
Preexisting Certifcate Installation for Zimbra 6.0 - Zimbra :: Wiki
Then, the command
runs all ok.
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial.key commercial.crt commercial_ca.crt
But the following command fails:
root@hermes:~/certs# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...failed.
XXXXX ERROR: failed to import certficate.
Keytool-Fehler: java.lang.Exception: Eingabe kein X.509-Zertifikat
I cannot even reinstall the still valid certificate I was using until now! The same error appears.
I was able to install a self-signed cert using the following howto:
Administration Console and CLI Certificate Tools - Zimbra :: Wiki
If I restart trying to install the commercial cert it fails as above.
What can I do to successfully install the commercial cert? I'm not willing to use the self-signed cert as my 150+ users will get error messages...
Any help would be very much appreciated, thanks!