Results 1 to 3 of 3

Thread: ZCS 6 and Thawte 2048 bit certs

  1. #1
    Join Date
    Jul 2009
    Location
    Lexington, KY
    Posts
    18
    Rep Power
    6

    Default ZCS 6 and Thawte 2048 bit certs

    We use Thawte for SSL certs and recently had to renew. Certs with a 2048 bit key are now required, and we had to follow something along the lines of this post to get it done:

    http://www.zimbra.com/forums/adminis...oid-users.html

    where we used the newer root CA cert from Thawte and the two intermediates bundled, all in the commercial_ca.crt file - this was the only combination that would get past the verifycrt step of the zmcertmgr tool and deploy successfully. Also we had to modify the zmcertmgr tool because 1024 key size is hardcoded.

    All seems OK, but we fail any SSL cert validation tools such as https://ssl-tools.verisign.com - it looks as if we should not be including the root CA cert in the file, but there's no other way to get it to pass the verification step.

    Has anyone else successfully deployed a 2048 bit Thawte cert that passes
    an SSL checker? Thanks.

  2. #2
    Join Date
    May 2008
    Posts
    432
    Rep Power
    7

    Default

    We have exactly the same problem. It works, but all verification tools complain about the root cert.
    Mobile devices seem to accept the cert, but Windows Mobile needs to import the new cert into the device. Some Android phones also complain about the cert, as do some proxy servers.

    Any suggestions anyone?

  3. #3
    Join Date
    Jul 2009
    Location
    Lexington, KY
    Posts
    18
    Rep Power
    6

    Default

    I opened a ticket with Zimbra support and they basically told me that it appears to be working as designed as far as they are concerned and that we should talk to Thawte about it. I may try to engage them and see what they say, but my guess is that it is going to come down to finger pointing at the tooling that deploys the certs.

Similar Threads

  1. Thawte SSL certificate problem
    By iway in forum Administrators
    Replies: 0
    Last Post: 08-09-2011, 09:14 AM
  2. Error al colocar certificado de 2048 bits
    By michaelo20 in forum Spanish
    Replies: 0
    Last Post: 07-21-2011, 02:11 PM
  3. Replies: 2
    Last Post: 01-04-2011, 06:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •