Results 1 to 4 of 4

Thread: Comodo Certificate installation on Zimbra 7.2.0.xx

Hybrid View

  1. #1
    Join Date
    Aug 2008
    Location
    Pakistan
    Posts
    100
    Rep Power
    7

    Default Comodo Certificate installation on Zimbra 7.2.0.xx

    I am following procudre as i recevied given files from Comodo ,
    AddTrustExternalCARoot.crt
    ComodoUTNSGCCA.crt
    EssentialSSLCA_2.crt
    STAR_mydomain_com.crt
    UTNAddTrustSGCCA.crt
    When i tried to install Comodo SSL certificate from web Admin Panel ->Install Certificate ->Install the commercially signed certificate->

    Certificate:STAR_mydomian_com
    RootCA:AddTrustExternalCARoot
    Intermediate CA: ???? what .crt require here?

    Your certificate was not installed due to the error : system failure: exception executing command: zmcertmgr verifycrtkey comm /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt with {RemoteManager: mail.mydomian.com->zimbra@mail.mydomain.com:22}

    Please help me how to install comodo certificate in zimbra with version as below.

    Release 7.2.0_GA_2669.RHEL6_64_20120410002025 CentOS6_64 FOSS edition.

  2. #2
    Join Date
    Aug 2008
    Location
    Pakistan
    Posts
    100
    Rep Power
    7

    Default

    cd /root/temp
    cat EssentialSSLCA_2 UTNAddTrustSGCCA AddTrustExternalCARoot > /tmp/ca_bundle.crt
    cp /tmp/STAR_mydomain_com /tmp/server.crt
    cd /opt/zimbra/bin
    ./zmcertmgr deploycrt comm /root/temp/server.crt /root/temp/ca_bundle.crt
    ./zmcertmgr deploycrt comm /root/temp/server.crt /root/temp/ca_bundle.crt
    ** Verifying /root/temp/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    XXXXX ERROR: Unmatching certificate (/root/temp/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial .key) pair.
    XXXXX ERROR: provided cert isn't valid.
    [root@mail ssl]# pwd
    /opt/zimbra/ssl
    [root@mail ssl]# ls
    zimbra zimbra.20120907164147 zimbra.20120907164155 zimbra.20120922002406 zimbra.20120924051248


    Then as per Thread

    cd /root/temp/
    cat EssentialSSLCA_2 UTNAddTrustSGCCA AddTrustExternalCARoot > /tmp/ca_bundle.crt
    cp /root/tmp/STAR_mydomain_com /tmp/server.crt
    #cp AddTrustExternalCARoot.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    #cd /opt/zimbra/ssl/zimbra/commercial/
    #chmod 740 commercial.csr commercial.key
    #cd /root/temp
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./server.crt ./ca_bundle.crt
    ** Verifying ./server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    XXXXX ERROR: Unmatching certificate (./server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    ------------------

    Following procedure as given below.
    Troubleshooting
    *
    Copy your root.crt to /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    *
    Then follow the steps below:
    *
    At this point, the csr and the private key should have been
    created by Zimbra in /opt/zimbra/ssl/zimbra/commercial directory and
    name them: commercial.csr and commercial.key.
    Make sure the permissions are set to 740 root:root (you can skip this step, I did)
    Make a new directory, ex: /root/certs
    Place the singed cert and the bundle cert in /root/certs (these are the files you downloaded from your CA)
    Verify that the cert and the key match via this command run As ROOT
    # cd /root/certs
    # /opt/zimbra/bin/zmcertmgr verifycrt comm
    /opt/zimbra/ssl/zimbra/commercial/commercial.key
    ./host.yourdomain.com.crt ./bundle.crt
    If the output looks good, you can deploy the certificate via this command:
    # /opt/zimbra/bin/zmcertmgr deploycrt comm ./your.hostname.com.crt ./bundle.crt
    The final step would be to restart the zimbra services for the change to take effect (see the end of this post)
    IF step 7 gives you errors such as "logger service cannot start" or "ldap service" can't start.
    Then you need to do the following:
    The commercial certs were deployed fine. However you must also as ROOT run:
    /opt/zimbra/bin/zmcertmgr addcacert /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    Finally, restart your services by
    1) su root
    2) su zimbra
    3) zmcontrol stop
    4) zmcontrol start
    *

    i don't know What i have do ??????????????

  3. #3
    Join Date
    Dec 2009
    Location
    Michigan
    Posts
    454
    Rep Power
    6

    Default

    I picked up a free certificate from startcom ssl and followed these instructions for both the OSE and NE version of Zimbra 7 with no issues:

    https://cert.startcom.org/

    Installing a StartSSL SSL Certificate with zmcertmgr - Zimbra :: Wiki

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

  4. #4
    Join Date
    Aug 2008
    Location
    Pakistan
    Posts
    100
    Rep Power
    7

    Default

    Still Unable to install Comodo wildcard certificate

    root@mail 2048]# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/2048/server.crt
    ** Verifying /tmp/2048/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    XXXXX ERROR: Unmatching certificate (/tmp/2048/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
    Any help is appreciated

Similar Threads

  1. Comodo Positive Wildcard SSL certificate
    By Sam159 in forum Administrators
    Replies: 0
    Last Post: 08-13-2012, 03:31 AM
  2. Comodo SSL Certificate installation
    By mhammett in forum Administrators
    Replies: 5
    Last Post: 03-11-2012, 01:07 PM
  3. Replies: 2
    Last Post: 03-31-2011, 12:01 PM
  4. persistent errors comodo ssl certificate installation
    By ITelligencia in forum Installation
    Replies: 1
    Last Post: 12-10-2009, 11:23 AM
  5. Replies: 5
    Last Post: 04-27-2009, 07:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •