Results 1 to 7 of 7

Thread: Invalid SSL Certificate

  1. #1
    Join Date
    Feb 2009
    Posts
    76
    Rep Power
    6

    Default Invalid SSL Certificate

    I'm throwing in the towel and asking for help on this one.

    I bought an SSL certificate from Network Solutions. They have provided me with 4 files:

    AddTrustExternalCARoot.crt
    server.crt
    NetworkSolutions_CA.crt
    UTNAddTrustServer_CA.crt

    I attempted to load them via the admin console but was met with
    Code:
    Your certificate was not installed to the error: system failure: IOException while handling uploaded certificate
    Through about a dozen different forum threads, here's where I am:

    I did:
    Code:
    cat AddTrustExternalCARoot.crt NetworkSolutions_CA.crt UTNAddTrustServer_CA.crt >> ca_bundle.crt
    Code:
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /root/certs/server.crt
    ** Verifying /root/certs/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/root/certs/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /root/certs/server.crt: OK
    Then, when I do:
    Code:
    /opt/zimbra/bin/zmcertmgr deploycrt comm /root/certs/server.crt /root/certs/ca_bundle.crt
    ** Verifying /root/certs/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/root/certs/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Error loading file /root/certs/ca_bundle.crt
    47558887958896:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:795:
    47558887958896:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:280:
    usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
    recognized usages:
       sslclient    SSL client
       sslserver    SSL server
       nssslserver  Netscape SSL server
       smimesign    S/MIME signing
       smimeencrypt S/MIME encryption
       crlsign      CRL signing
       any          Any Purpose
       ocsphelper   OCSP helper
       timestampsign        Time Stamp signing
    XXXXX ERROR: Invalid Certificate:
    XXXXX ERROR: provided cert isn't valid.
    As you can probably tell by now, I've never dealt with certificates before so I'm definitely on the losing end here.

    Along with threads, I've been following Administration Console and CLI Certificate Tools - Zimbra :: Wiki and this is where I am now stuck.

  2. #2
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    did you make sure your all your crt files have proper newlines at the end? if not it will mess then up when it concatonates them

  3. #3
    Join Date
    Feb 2009
    Posts
    76
    Rep Power
    6

    Default

    Nope. Do I need a blank line between the entries or just have each entry on its own line?

  4. #4
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    just make sure at teh end of the ssl certfiicat where you have the line


    -----END CERTIFICATE-----

    that there is a new line at the end of that. if you open it in a text edit you shoudl be able to scroll down to the next line. if you can't, go to the end of that line and hit enter. if you don't, then when it concatonates the certificates you'll wind up with a line that looks like


    -----END CERTIFICATE----------BEGIN CERTIFICATE-----

  5. #5
    Join Date
    Feb 2009
    Posts
    76
    Rep Power
    6

    Default

    Quote Originally Posted by bdial View Post
    just make sure at teh end of the ssl certfiicat where you have the line


    -----END CERTIFICATE-----

    that there is a new line at the end of that. if you open it in a text edit you shoudl be able to scroll down to the next line. if you can't, go to the end of that line and hit enter. if you don't, then when it concatonates the certificates you'll wind up with a line that looks like


    -----END CERTIFICATE----------BEGIN CERTIFICATE-----
    Thank you, that got me further, but now I get:

    Code:
    XXXXX ERROR: failed to create jetty.pkcs12

  6. #6
    Join Date
    Feb 2009
    Posts
    76
    Rep Power
    6

    Default

    Ok, I got it by following the instructions here http://www.zimbra.com/forums/install...ficates-2.html

    Now, when a user connects via a client such as Outlook with SSL enabled, it still gives them a certificate error and they have to click Yes to continue. I thought that is the point of the SSL certificate, so that those security warnings don't come up.

  7. #7
    Join Date
    Jun 2008
    Posts
    10
    Rep Power
    7

    Default

    I was having all kinds of problems with netsol cert as well. I gave up and use digicert.

Similar Threads

  1. Replies: 7
    Last Post: 02-13-2013, 02:36 AM
  2. installation of wildcard SSL certificate
    By dgsohard in forum Administrators
    Replies: 1
    Last Post: 06-15-2012, 11:16 AM
  3. Replies: 2
    Last Post: 03-31-2011, 12:01 PM
  4. Problem with Mail Server - Need help!
    By joeleo in forum Installation
    Replies: 2
    Last Post: 03-04-2008, 12:03 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •