
Thread: SSL problems

  1. #11

    Sorry, you're right. I thought there was something else (which isn't there anymore) in there.
    Did you try to convert your certificate and key files to a combined PKCS12 format certificate?

  2. #12

    Yes, I converted the PEM certificate + key to PKCS12 format. I received no errors when doing so. The following command shows the correct certificate details:
        openssl pkcs12 -in cert.pkcs12
    So I don't believe the PKCS12 version of the cert is corrupted or broken.

  3. #13

    At wit's end, I finally decided to give Keytool IUI Plus a try, as mentioned in this comment:
    http://www.zimbra.com/forums/adminis...html#post53252

    The process was not at all intuitive, but I have finally produced a keystore file which tomcat accepts. I can access my Zimbra installation via https on tcp 443 and 7071; I don't get browser warnings about the certificate; and displaying the certificate details from within my browser shows that it is using the cert we bought.

    Here's how I did it with Keytool IUI. This is likely incomplete, as I wasn't diligently taking notes since I didn't actually expect it to work.

    * convert the certificate + key into PKCS12 format, using "zimbra" as the export password (openssl pkcs12 -export -inkey cert.key -in cert.pem -out cert.p12)
    * start Keytool IUI ( ./run_ktl_plus.sh )
    * Create Keystore -- use "zimbra" as the password
    * Import Private key from other keystore
    ** select PKCS12 as the format, and open cert.p12 (the PKCS12 version of the certificate)
    ** use "zimbra" as the source keystore password
    ** select the keystore file you created above, and leave the format at JKS
    ** use "zimbra" as the target keystore password
    * select the certificate, and click OK
    * use "tomcat" as the alias for the private key
    * use "zimbra" as the password
    * click OK
    * view the keystore, and confirm that the "tomcat" alias was created

    * Back up /opt/zimbra/tomcat/conf/keystore
    * stop tomcat
    * Install the keystore you just created to /opt/zimbra/tomcat/conf/keystore
    * start tomcat
    * confirm you can access https://example.com:7071 and https://example.com/
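
The same PEM to PKCS12 to JKS conversion done from the command line, as an added example that is not part of the original post. It also checks that the key matches the certificate before bundling, and that the bundle holds the expected certificate. It assumes a JDK whose keytool supports -importkeystore; the function names, the P12_PASS variable and the script name build_keystore.sh are hypothetical, while the file names, the "zimbra" password and the "tomcat" alias follow the post.

```shell
#!/bin/sh
# Added example, not from the thread. File names, the "zimbra" password and the
# "tomcat" alias follow the post; function names and P12_PASS are assumptions.
# openssl reads the password from the environment (env:); keytool gets it as an argument.
P12_PASS=${P12_PASS:-zimbra}; export P12_PASS

# Succeed only if the private key belongs to the certificate (same public key).
key_matches_cert() {    # key_matches_cert cert.pem cert.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Bundle certificate + key as PKCS12; -name sets the entry name keytool sees as the alias.
make_p12() {            # make_p12 cert.pem cert.key out.p12
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -name tomcat \
        -out "$3" -passout env:P12_PASS
}

# SHA-256 fingerprint of the certificate stored inside the PKCS12 file.
p12_cert_fingerprint() {  # p12_cert_fingerprint in.p12
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Copy the "tomcat" entry into a JKS keystore (requires a JDK keytool on PATH).
import_to_jks() {       # import_to_jks in.p12 keystore
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$P12_PASS" -srcalias tomcat \
        -destkeystore "$2" -deststoretype JKS -deststorepass "$P12_PASS" \
        -destalias tomcat -destkeypass "$P12_PASS"
}

# Usage: sh build_keystore.sh cert.pem cert.key keystore
if [ "$#" -eq 3 ]; then
    make_p12 "$1" "$2" cert.p12 || exit 1
    [ "$(p12_cert_fingerprint cert.p12)" = "$(openssl x509 -in "$1" -noout -fingerprint -sha256)" ] \
        || { echo "PKCS12 does not contain the expected certificate" >&2; exit 1; }
    import_to_jks cert.p12 "$3" || exit 1
    keytool -list -keystore "$3" -storepass "$P12_PASS" -alias tomcat
fi
```

The final keytool -list call corresponds to the "confirm that the tomcat alias was created" step; the backup, stop, install and start steps for /opt/zimbra/tomcat/conf/keystore are unchanged.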
