Results 1 to 6 of 6

Thread: Error importing RapidSSL

  1. #1
    Join Date
    Mar 2013
    Posts
    2
    Rep Power
    2

    Default Error importing RapidSSL

    Hi to everyone.
    I have a Zimbra 7 installation and I would to install a certificate issued by RapidSSL.
    I followed this official guide ( Installing a RapidSSL Commercial Certificate - Zimbra :: Wiki ) but when I run
    # ./zmcertmgr deploycrt comm /tmp/server.crt /tmp/ca_bundle.crt
    I obtain this output:

    Certificate (/root/cert/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /root/cert/server.crt: OK
    ** Copying /root/cert/server.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /root/cert/ca_bundle.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...failed.
    XXXXX ERROR: failed to import certficate.

    I try to find some solution on Google, but I did'nt find.
    Anyone can help to solve this problem?
    Thanks

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by lormayna View Post
    That isn't an official guide, it's a user contribution. Try some of the solutions from the forums.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Mar 2013
    Posts
    2
    Rep Power
    2

    Default

    This my next step:

    ** Verifying /root/cert/server.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Enter pass phrase for /opt/zimbra/ssl/zimbra/commercial/commercial.key:
    Certificate (/root/cert/server.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /root/cert/server.crt: OK
    ** Copying /root/cert/server.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /root/cert/ca_bundle.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca.../opt/zimbra/jdk1.6.0_26/bin/keytool -delete -alias zcs-user-commercial_ca -keystore /opt/zimbra/jdk1.6.0_26/jre/lib/security/cacerts -storepass failed.
    Mailbox trustsore: XXXXX ERROR: failed to import certficate.

    You need and argument for paramater -storepass.
    Try keytool -help

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by lormayna View Post
    You need and argument for paramater -storepass.
    Doesn't that tell you what the error is? You need a parameter for that entry (i.e. the password) and you can find that (location) by searching the forums and/or wiki.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    May 2007
    Location
    Indonesia
    Posts
    149
    Rep Power
    8

    Default

    Hi,

    Try the following procedure to applying RapidSSL certificate on Zimbra :

    1. Pick the webserver certificate sent by RapidSSL. Create a blank text file /tmp/zcsserver.crt and then copy pasteall line from (including)Begin Certificate to End Certificate
    2. Run the following command :
    Code:
    mkdir /srv/v
    cd /srv/v/
    wget http://www.geotrust.com/resources/ro..._Global_CA.cer
    wget https://knowledge.rapidssl.com/libra..._CA_bundle.pem
    cat GeoTrust_Global_CA.cer RapidSSL_CA_bundle.pem > /tmp/ca_bundle.crt
    cd /opt/zimbra/bin
    ./zmcertmgr deploycrt comm /tmp/zcsserver.crt /tmp/ca_bundle.crt
    chmod 644 /opt/zimbra/java/jre/lib/security/cacerts
    /opt/zimbra/java/bin/keytool -import -alias rapidsslintca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /srv/v/RapidSSL_CA_bundle.pem
    su - zimbra
    zmcontrol restart
    Note : changeit is the password of keystore. If you would like to test whether the password has changed or not, run the following command :
    Code:
    su - zimbra
    zmlocalconfig -s | grep mailboxd_truststore_password
    Best Regards
    ---
    Masim "Vavai" Sugianto
    Zimbra Tutorial
    Personal Blog [ID]

    Release 8.0.6_GA_5922.SLES11_64_20131203103702 SLES11_64 FOSS edition.

  6. #6
    Join Date
    May 2013
    Posts
    1
    Rep Power
    2

    Default

    Vavai this solved my issue on Zimbra 8 as well. Thanks very much!


    Just adding one of my error lines here so that others might find it as well. I'm sure I typo'd something in my first attempt.

    140713965561504:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:703:Expecting: TRUSTED CERTIFICATE

Similar Threads

  1. Error installing commercial RapidSSL
    By knopix80 in forum Administrators
    Replies: 6
    Last Post: 10-11-2012, 01:41 PM
  2. Error installing commercial RapidSSL
    By knopix80 in forum Error Reports
    Replies: 0
    Last Post: 10-10-2012, 02:19 PM
  3. rapidSSL certificate error
    By savez in forum Administrators
    Replies: 1
    Last Post: 09-07-2011, 02:32 AM
  4. Error importing PST
    By mmsmith in forum Administrators
    Replies: 10
    Last Post: 04-27-2010, 07:14 AM
  5. Error importing via zmmailbox
    By The Fold in forum Migration
    Replies: 11
    Last Post: 07-29-2009, 12:14 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •