Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Trouble with SSL Essential Cert install

  1. #11
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    3

    Default

    Paul, looking at the CA bundle it consists of TWO blocks of text, each beginning and ending like this...

    -----BEGIN CERTIFICATE-----
    MIIDVDCCAjygAwIBA
    -----END CERTIFICATE-----

    Do I only change the first one? I used VI to do that as a test (without saving the result) and it resulted in a funny formatted block (i.e. it didn't pull all te rest of the second line around as well). Is this OK?

    Cheers
    Chris

  2. #12
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    3

    Default

    Uh -Oh - I just realised that in your example the CA-bundle ends with .crt. Mine ends with no extension, just domain.ca-bundle

  3. #13
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    3

    Default

    Looks ok, try installing your root CA certificates:

    apt-get install ca-certificates
    Your ca_bundle.crt should include all your certificate's ca's, here is mine: -----BEGIN CERTIFICATE----- MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCz A - Pastebin.com

    That includes geotrust's international CA and rapidssl's two CA which is my issuer. So my certificate chain is like this:

    Geotrust Int -> RapidSSL Root CA -> RapidSSL CA -> My certificate

    ca_bundle.csr should include: Geotrust Int, RapidSSL Root CA, RapidSSL CA
    and certificate.csr should include: Your certificate.

    I hope it helps.

    Edit: It shouldn't really matter if it ends in .csr .

  4. #14
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    3

    Default

    Hi Paul

    My issuer is Comodo. My OS is CentOS 6.2. The command apt-get doesn't work on my system - just says no such command.

    Cheers
    Chris

  5. #15
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    3

    Default

    Paul, I used YUM instead of apt-get and this resulted in:

    Package ca-certificates-2010.63-3.el6_1.5.noarch already installed and latest version
    Nothing to do

    Cheers
    Chris

  6. #16
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    3

    Default

    Doing a locate, I see this:
    /etc/pki/tls/certs/ca-bundle.crt
    /etc/pki/tls/certs/ca-bundle.trust.crt
    /opt/zimbra/curl-7.24.0/share/curl/ca-bundle.crt
    /root/Downloads/zmail_xxxxx_co_uk/zmail_xxxxx_co_uk.ca-bundle

    So those are all the bundles I have. The last one is the one I received from Comodo.

    Cheers
    Chris

  7. #17
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    3

    Default

    Hi Paul

    OK - with your help I've managed to get the certs to install OK. I've restarted the server and now when I got to the https:// web login, I get the following error:

    -----
    Your connection to zmail.xxxx.co.uk is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.

    The connection uses TLS 1.0.

    The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

    The connection is not compressed.
    -----

    Any ideas how I can get rid of the little red cross in the https:// box in browser?

    Thanks for your help so far!
    Chris

  8. #18
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    3

    Default

    Hello,

    Sorry for disappearing like that. I've done a google search for that error and it seems that the ssl connection is indeed secured however it's trying to encrypt some resourced out of his scope: Have you create a custom zimbra theme, any custom zimlets or something like that? Also does the common name of your certificate match your address you're typing? This error is odd, I've never seen it before.

    I used a RapidSSL Certificate and never got any problems like with this. Can you PM me a Instant Messaging address you got, maybe I can help you faster like this.

    Paul.

  9. #19
    Join Date
    Apr 2012
    Location
    Bracknell
    Posts
    44
    Rep Power
    3

    Default

    Hi Paul

    I've no idea why this is happening. The site is absolutely stock standard and I've changed nothing. The padlock is coming up but has the little warning triangle in it. When you click on the padlock it still says that some items on the page are not secure.

    Hmmmm - driving me bonkers here.

    Cheers
    Chris

Similar Threads

  1. ZD untrusted Verisign SSL cert
    By JaymeH in forum General Questions
    Replies: 10
    Last Post: 01-12-2012, 05:39 AM
  2. geotrust ssl cert install problem
    By alto in forum Administrators
    Replies: 0
    Last Post: 06-03-2011, 01:10 AM
  3. SSL cert install fails (ver 6)
    By mahalito in forum Administrators
    Replies: 1
    Last Post: 12-17-2010, 07:28 AM
  4. Replies: 23
    Last Post: 05-06-2008, 02:24 PM
  5. Replies: 2
    Last Post: 03-25-2007, 09:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •