Results 1 to 2 of 2

Thread: restoring SSL with Keytool???

  1. #1
    Join Date
    Oct 2005
    Posts
    181
    Rep Power
    10

    Question restoring SSL with Keytool???

    Hi All

    Having been playing with commercial certs for a few days and I wondered if anyone had found a way to restore certs using keytool from the .key and .crt files.

    What is clear is the wiki way to install certs works fine for the basic tomcat stuff as you have a sequence of Create Store, Request Cert from a CA, Import Cert from CA (and any intermediates) and restart Zimbra services.

    I used the java routine in the wiki to extract the .key file, and backed up the whole of Zimbra and the crt files. Then started playing with all sorts of SSL cert stuff till it eventually broke. Then I expected to be able to use the .key and the .crt files to recreate the keystore in a clean install of Zimbra, simulating a disaster recovery scenario, but I cant do it. Tried using zmcertinstall but although there is no error on the command line it shows up in the mailbox log as

    javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.

    and no https or other SSL is available.

    So I am looking for a way of perhaps using the key file and keytool to somehow import it. Looking at all the FAQs and manuals around they seem to be geared to the create/request/import cycle not the aagghhhh server died now where are the crt and key files cycle ;-)

    Tried daft stuff like creating a new csr and seeing if the crt will import against it but the key is obviously going to be different. Worth mentioning at each new attempt I am starting with a clean Zimbra install.

    Anyone have any ideas? I have the original keystore and crts backup still if that helps.

    Need to have some form of recovery for DR purposes or to know the risks at least, before it happens on a live system!

    K

  2. #2
    Join Date
    Jul 2006
    Location
    ireland
    Posts
    388
    Rep Power
    9

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 04:08 AM
  2. Disable SSL on the Admin Port 7071
    By rasputin in forum Installation
    Replies: 2
    Last Post: 04-06-2008, 04:29 AM
  3. Help with tomcat ssl errors...
    By sgtstadanko in forum Administrators
    Replies: 4
    Last Post: 03-19-2007, 10:13 PM
  4. SSL Certificate - Keytool Question
    By 3RiversTechAdmin in forum Administrators
    Replies: 0
    Last Post: 11-02-2006, 12:59 PM
  5. ssl on 3.0.1_GA_160_SuSE10
    By comptekki in forum Administrators
    Replies: 2
    Last Post: 04-03-2006, 04:06 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •