Results 1 to 2 of 2

Thread: certificate error

  1. #1
    Join Date
    Jul 2012
    Rep Power

    Default certificate error

    hi i tried to install a certificate from verisign i generate CSR and after that i get certificate i followed the following wiki to install commercial certificate Administration Console and CLI Certificate Tools - Zimbra :: Wiki but when i verify the certificate i got the following error

    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    unable to load certificate
    3086678172:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:696:Expecting: TRUSTED CERTIFICATE
    XXXXX ERROR: Unmatching certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair

    i generate two different CSR and have the same error i used 'Release 7.2.0_GA ' of zimbra open source edition

    how can i solve this problem thanks in advance

    Best Regards

  2. #2
    Join Date
    Feb 2007
    Rep Power


    Hopefully I won't confuse you even more but here's what I did a couple of weeks ago installing a wildcard cert from digicert on ubuntu using the cli (could not get it to work in the admin panel), this is the same for RedHat

    I used the Admin panel certificate wizard on mymail server to generate the CSR and submit that to DigiCert who issue the certificates.
    Download the certificates and follow the steps below. Only use Notepad when opening and copying the certificates

    Note: copy both the TrustedRoot.crt and DigiCertCA.crt into ca.crt below to create a chain.

    cd /root/tmp on mymail server
    [root@mymail tmp]$ vi commercial.crt (copy the server cert here)
    [root@mymail tmp]$ vi ca.crt (copy the Root CA Cert here)
    [root@mymail tmp]$ vi /opt/zimbra/ssl/zimbra/commercial/commercial.key (copy the private.key here)

    [root@mymail tmp]$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /root/tmp/commercial.crt
    Certificate (/root/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /root/tmp/commercial.crt: OK

    [root@mymail tmp]$ /opt/zimbra/bin/zmcertmgr deploycrt comm /root/tmp/commercial.crt /root/tmp/ca.crt
    Certificate (/root/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /root/tmp/commercial.crt: OK
    ** Copying /root/tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /root/tmp/ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...Enter pass phrase for /opt/zimbra/ssl/zimbra/commercial/commercial.key:
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.

    [root@mymail tmp]$ /opt/zimbra/bin/zmcertmgr viewdeployedcrt (this shows you the new cert that has been deployed)

Similar Threads

  1. SSL Certificate Error ?
    By i2ambler in forum Administrators
    Replies: 4
    Last Post: 05-09-2011, 05:36 AM
  2. Certificate Error
    By dave.gill@yourpcknights.c in forum Users
    Replies: 1
    Last Post: 04-30-2011, 04:46 AM
  3. Certificate Error/SSL Error When Attempting to Log In
    By arrowheadsolutionsllc in forum Error Reports
    Replies: 0
    Last Post: 04-12-2011, 06:46 AM
  4. Certificate error
    By bellzerr in forum Administrators
    Replies: 2
    Last Post: 08-07-2007, 12:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts