
Thread: [SOLVED] export certificate to zimbra

  1. #1
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4

    [SOLVED] export certificate to zimbra

    Hi folks,

    I already read the tutorials in the wiki about importing certificates into Zimbra, but I can't manage to import the certificates from my external OpenLDAP server, which authenticates Zimbra users. So when I check the option to use SSL, a series of warnings shows in the debug box, alerting me that the certificate is not valid...

    I configured my certificates and CA as follows, using openssl:

    # generate the CA
    $ /usr/lib/ssl/misc/CA.pl -newca

    # generate the certificates
    $ /usr/lib/ssl/misc/CA.pl -newreq

    # so I have the private key (newkey.pem) and the public key (newreq.pem)

    # I sign the certificate
    $ /usr/lib/ssl/misc/CA.pl -sign

    # this generates a signed public key called newcert.pem

    # now I remove the password from the private key
    $ openssl rsa -in newkey.pem -out newkey.nopass.pem

    # in the end I have these files
    newcert.pem newkey.nopass.pem newkey.pem newreq.pem

    # and my CA is called cacert.pem

    In slapd.conf I set TLSVerifyClient to never...

    So folks, how can I solve this problem?

    PS: sorry about my English
    Last edited by diegolcf; 02-22-2011 at 05:16 PM.

  2. #2
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4


    I use this command to import the certificate:
    /opt/zimbra/java/bin/keytool -import -file cacert.pem -keystore /opt/zimbra/java/jre/lib/security/cacerts -alias <alias>

    and it shows this message:
    keytool error: java.lang.Exception: Input not an X.509 certificate

  3. #3
    Join Date
    Feb 2011
    Posts
    5
    Rep Power
    4


    It's quite simple to solve this problem....

    1) First, convert the CA certificate to DER format
    $ openssl x509 -in cacert.pem -inform PEM -out cacert.der -outform DER

    2) Then do the import
    $ /opt/zimbra/java/bin/keytool -import -file cacert.der -keystore /opt/zimbra/java/jre/lib/security/cacerts -alias <alias>

    PS: forum administrator, please help me change the title of this post; the correct one is import zimbra certificate, not export certificate

  4. #4
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8


    Can this be used for commercial certs?
    I am having trouble importing a commercial RapidSSL cert; the error is the same:



    Code:
    /opt/zimbra/log/scripts/rapid-ssl ]# /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/log/scripts/rapid-ssl/commercial.crt /opt/zimbra/log/scripts/rapid-ssl/commercial_ca.crt 
    ** Verifying /opt/zimbra/log/scripts/rapid-ssl/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/log/scripts/rapid-ssl/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/log/scripts/rapid-ssl/commercial.crt: OK
    ** Copying /opt/zimbra/log/scripts/rapid-ssl/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /opt/zimbra/log/scripts/rapid-ssl/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...failed.
    XXXXX ERROR: failed to import certficate.
    
    Errore keytool: java.lang.Exception: L'input non è un certificato X.509

    The commercial RapidSSL cert was one with 1024 bits, and it expired just yesterday.
    Last edited by maumar; 04-18-2011 at 03:04 AM.

  5. #5
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8


    Quote: Originally Posted by diegolcf
    $ /opt/zimbra/java/bin/keytool -import -file cacert.der -keystore /opt/zimbra/java/jre/lib/security/cacerts -alias <alias>
    What should be used as the alias?
    What did you use?

    TIA

  6. #6
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8


    There was a 0a as the first char of commercial_ca.crt, glub ;(
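
Post #6 traced the "not an X.509 certificate" failure to a stray 0a byte at the start of commercial_ca.crt. The following is an added example, not part of any post in this thread: a pre-import check that reports how many bytes precede the PEM header and strips them. It generalizes from the single 0a to any text ahead of the header. The function names and the sample file contents are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample files are hypothetical/constructed.

# Hex value of the first byte of a file ("2d" is '-', the start of a PEM header).
first_byte() {
    od -An -tx1 -N1 "$1" | tr -d ' \n'
}

# Number of bytes before the first "-----BEGIN CERTIFICATE-----" line.
# 0 = clean file, -1 = no certificate header found.
pem_leading_bytes() {
    LC_ALL=C awk '
        /^-----BEGIN CERTIFICATE-----/ { print off + 0; found = 1; exit }
        { off += length($0) + 1 }
        END { if (!found) print -1 }
    ' "$1"
}

# Print only the PEM certificate block(s), dropping everything around them.
pem_strip() {
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1"
}

# Constructed sample: placeholder body (not a real certificate) behind a stray 0x0a.
demo_dir=$(mktemp -d)
printf '\n-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n' \
    > "$demo_dir/commercial_ca.crt"

echo "first byte:    $(first_byte "$demo_dir/commercial_ca.crt")"
echo "leading bytes: $(pem_leading_bytes "$demo_dir/commercial_ca.crt")"
pem_strip "$demo_dir/commercial_ca.crt" > "$demo_dir/commercial_ca.clean.crt"
echo "after strip:   $(pem_leading_bytes "$demo_dir/commercial_ca.clean.crt")"
```

Running the check on a CA file before handing it to keytool or zmcertmgr means only the certificate block itself is written to the Java truststore.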
