ERROR: Unmatching certificate for Geotrust cert - can't install certificate
I just tried to install my new Geo Trust certificate from RapidSSL in my Zimbra 5.0.2 server and I got the following error:
So I went through some of the Zimbra wikis and forum to get a few ideas. I copied the new certificate into the same directory that the new private key is located in (above dir), and ran as root the following command while in that dir to verify that the certificate and key matched and got the below:
Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair. Error code: ZaCertWizard.prototype.installCallback...
I generated the CSR via Zimbra certificate wizard in admin and submitted it to Geo Trust. Originally it would not generate a 2048 certificate, so I followed this thread: http://www.zimbra.com/forums/install...-bit-cert.html and this wiki: Installing a GeoTrust Commercial Certificate - Zimbra :: Wiki for advice and edited the following file: /opt/zimbra/bin/zmcertmgr and I replaced 1024 with 2048 anywhere in the file – I think 1024 was only in two places in the script.
/opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key current.crt
** Verifying current.crt against commercial.key
unable to load certificate
31316:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
XXXXX ERROR: Unmatching certificate (current.crt) and private key (commercial.key) pair.
After doing that and saving the changes to the file, Zimbra did generate the 2048 CSR AOK and I was finally able to get my Geo Trust cert after being rejected earlier when submitting the 1024 CSR, so I thought all my problems were solved until I tried to install the cert via Zimbra admin.
I checked the time stamps on both the CSR and the private key and they both were the most current dates – so I know (at least I hope so) that these are the correct CSR and key and cert, so I don't really know what is going wrong here with the new cert - I never have this problem when I install certs via CLI and generate CSRs for other domains not associated with Zimbra.
Can anyone please give me a hint as to what to try next?
Thanks very much.
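The `PEM_read_bio:no start line` message in the output above is OpenSSL reporting that it found no `-----BEGIN ...-----` line in the certificate file, so the failure comes before any key comparison is made. The script below is an added example, not part of the original post or of zmcertmgr: it checks how a certificate file is framed and then compares the RSA modulus of the certificate and the key. The function names `cert_format` and `pair_matches` are hypothetical.

```sh
#!/bin/sh
# Added example; cert_format and pair_matches are hypothetical helper names.

# cert_format FILE: print how the file is framed.
#   pem        has a BEGIN CERTIFICATE line, "openssl x509" can load it
#   other-pem  PEM armour with another label (for example PKCS7)
#   der        binary ASN.1, starts with the SEQUENCE tag 0x30
#   no-header  none of the above, e.g. base64 pasted without BEGIN/END lines
cert_format() {
    if grep -Eq -e '^-----BEGIN (TRUSTED )?CERTIFICATE-----' "$1"; then
        echo pem
    elif grep -q -e '^-----BEGIN ' "$1"; then
        echo other-pem
    elif [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = 30 ]; then
        echo der
    else
        echo no-header
    fi
}

# pair_matches CERT KEY: compare the RSA modulus of both files.
# Returns 0 = same modulus, 1 = different, 2 = a file could not be loaded.
pair_matches() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Usage: sh check_pair.sh current.crt commercial.key
if [ "$#" -eq 2 ]; then
    echo "certificate framing: $(cert_format "$1")"
    pair_matches "$1" "$2"
    case $? in
        0) echo "certificate and key share the same modulus" ;;
        1) echo "certificate and key do NOT match" ;;
        *) echo "could not load certificate or key (check the framing above)" ;;
    esac
fi
```

A result of `der` or `no-header` points at the file format rather than at a wrong key; only a `pem` file that loads and still returns 1 from `pair_matches` is a genuine mismatch.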