Results 1 to 3 of 3

Thread: Install a godaddy standard SSL

  1. #1
    Join Date
    Oct 2007
    Location
    Carcavelos, Lisbon
    Posts
    61
    Rep Power
    8

    Default Install a godaddy standard SSL

    I'm trying to install a certificate (Standard SSL 2048 bits) from godaddy without sucess.
    First question is, should i download a certificate for Apache or for Tomcat?
    Certificate for Apache has 2 files domain.crt and gd_bundle.crt, certificate for Tomcat has 4 files domain.crt, gd_intermediate.crt, gd_cross_intermediate.crt, gd_bundle.crt.

    Zimbra version is Release 6.0.2_GA_1912.F7_20091020145320 F7 FOSS edition.

    I have try it using GUI and CL with success installation but allways get this error:
    "zmcontrol start
    Host server.domain
    Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)
    zimbra logger service is not enabled! failed."

    I tried this http://www.zimbra.com/forums/install...all-issue.html

    but still without success.

    Should I use all the files including gd-class2-root.crt ?

    Any help?

  2. #2
    Join Date
    Apr 2012
    Posts
    1
    Rep Power
    3

    Default

    Hey Ferra,

    You can download the necessary files here

    You will want to grab the gd_intermediate.crt and the gd_cross_intermediate.crt installing the Go Daddy root won't hurt either. (gd-class2-root.crt)

    After you download these to your server, you can place them into zimbra/certs folder.

    Then you should be able to run this command

    : ./zmcertmgr deploycrt comm /opt/zimbra/certs/gd_cross_intermediate.crt /opt/zimbra/certs/gd_intermediate.crt /opt/zimbra/certs/gd-class2-root.crt

    Please let me know if you still experience issues.

  3. #3
    Join Date
    Oct 2007
    Location
    Carcavelos, Lisbon
    Posts
    61
    Rep Power
    8

    Default

    No that doesn't work too.
    When I did a ./zmcertmgr deploycrt comm /opt/zimbra/certs/gd_cross_intermediate.crt /opt/zimbra/certs/gd_intermediate.crt /opt/zimbra/certs/gd-class2-root.crt
    it returns an error message: unknown service

    But finally I found the solution. here is what I did:

    Step 1: Generate CSR as root.
    # /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 "/C=$country/ST=$state/L=$city/O=$organization/OU=$unit/CN=$FQDN1/CN=$FQDN2"

    If all goes well, the CSR will be in opt/zimbra/ssl/zimbra/commercial/commercial.csr

    Step 2: Submit CSR to GoDaddy and download the cert.
    # cat /opt/zimbra/ssl/zimbra/commercial/commercial.csr
    Copy & paste the output into the GoDaddy form. For server type, use "Other". Then download the cert zipfile, unzip it, and put the contents somewhere on your zimbra server.
    The site cert is called company.com.crt. The only other cert in the zip is gd_bundle.crt. (I haven't found any need for GoDaddy's intermediate cert bundle, which is apparently included in the downloads for certain servers.)

    Step 3: Verify the cert chain.

    cd /root/certs/
    # /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./company.com.crt ./gd_bundle.crt


    Step 4: Install the cert

    # /opt/zimbra/bin/zmcertmgr deploycrt comm ./company.com.crt ./gd_bundle.crt

    Step 5: The trick

    # /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file ./company.com.crt

    It looks like something went wrong with applying the certs to Java. The above just forces Java to accept the purchased cert.

    I'm not sure if this was caused by a bug ...

    Step 6 : Restart
    # su - zimbra
    $ zmcontrol stop
    $ zmcontrol start

Similar Threads

  1. Replies: 1
    Last Post: 02-06-2012, 09:12 AM
  2. SSL cert install fails (ver 6)
    By mahalito in forum Administrators
    Replies: 1
    Last Post: 12-17-2010, 07:28 AM
  3. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  4. Replies: 0
    Last Post: 01-15-2008, 12:33 PM
  5. Replies: 1
    Last Post: 01-11-2008, 05:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •