
Thread: Commercial Cert for Zimbra Web


  1. #1

    Commercial Cert for Zimbra Web

    All right, as per the instructions here:
    Commercial Certificates - ZimbraWiki

    I have acquired a Commercial Cert and have been trying to install it using the same instructions. When I was shipped the cert, I received MAIL.SERVER.COM.crt and MAIL.SERVER.COM.der files. On my first try, I used the crt and got the following error:
    [zimbra@tegu ssl]$ keytool -import -alias tomcat -keystore /opt/zimbra/ssl/ssl/commercial.keystore -trustcacerts -file MAIL.SERVER.COM.crt -storepass zimbra
    keytool error: java.lang.Exception: Failed to establish chain from reply

    After this, I shrugged off the error and completed step C. I got a certificate installed, but it wasn't showing as having been signed by any CA and did not resolve the self-signed cert issue.

    So I repeated this process with the .der file and got this message:
    [zimbra@tegu ssl]$ keytool -import -alias tomcat -keystore /opt/zimbra/ssl/ssl/commercial.keystore -trustcacerts -file MAIL.LINDEGROUP.COM.der -storepass zimbra
    keytool error: java.lang.Exception: Failed to establish chain from reply

    Lo and behold, it's the same message! This time I did not follow through.

    I don't see any reference to this problem anywhere and am a tad bit confused. Does anyone have any guidance?

    My exact ZCS version is posted in the top right.

    Thanks,
    Mike
    Last edited by mwyant; 07-17-2007 at 10:57 AM.

  2. #2

    Import all of the certs that came with your cert.
    Is this godaddy?

    Just give them different aliases, like tomcat2

    e.g.
    keytool -import -alias tomcat2 blah blah

  3. #3

    Is there a specific order I should go in here?

    The CA is actually NetworkSolutions

    I received:
    AddTrustExternalRoot.crt
    MAIL.SERVER.COM.crt
    MAIL.SERVER.COM.der
    NetworkSolutions_CA.crt
    UTNAddTrustServer_CA.crt

    Thanks!

  4. #4

    Well, you have to establish a trust chain. This is usually because the vendor themselves aren't "trusted" so they have to establish a relationship with a trusted vendor.

    Try this order:
    AddTrustExternalRoot.crt
    UTNAddTrustServer_CA.crt
    NetworkSolutions_CA.crt
    MAIL.SERVER.COM.crt
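
The root-first order suggested in post #4 can be derived instead of guessed, because each certificate's Issuer must equal the Owner of the next certificate up the chain. The sketch below is an added example, not part of the original thread or of Zimbra's tooling; it parses the Owner/Issuer lines of `keytool -printcert -file <f>` output and returns the import order. The DNs are constructed placeholders (not the real contents of the files named in the thread) and the `ca0`, `ca1`, ... aliases are hypothetical.

```python
import re

# Constructed `keytool -printcert` output, reduced to the Owner/Issuer lines.
# The DNs are placeholders, not the real contents of the files in the thread.
PRINTCERT = {
    "MAIL.SERVER.COM.crt": "Owner: CN=mail.server.com\nIssuer: CN=Example Issuing CA\n",
    "NetworkSolutions_CA.crt": "Owner: CN=Example Issuing CA\nIssuer: CN=Example Intermediate\n",
    "AddTrustExternalRoot.crt": "Owner: CN=Example Root\nIssuer: CN=Example Root\n",
    "UTNAddTrustServer_CA.crt": "Owner: CN=Example Intermediate\nIssuer: CN=Example Root\n",
}

def owner_issuer(text):
    """Pull the Owner and Issuer DNs out of keytool -printcert output."""
    owner = re.search(r"^Owner: (.+)$", text, re.M)
    issuer = re.search(r"^Issuer: (.+)$", text, re.M)
    if not (owner and issuer):
        raise ValueError("not keytool -printcert output")
    return owner.group(1).strip(), issuer.group(1).strip()

def import_order(printcert, leaf_file):
    """Return the files root-first, ending with the server certificate.

    Walks issuer links upward from the leaf. A missing link raises, which is
    the situation keytool reports as 'Failed to establish chain from reply'.
    """
    dns = {f: owner_issuer(t) for f, t in printcert.items()}
    by_owner = {owner: f for f, (owner, _) in dns.items()}
    chain, current = [], leaf_file
    while True:
        if current in chain:
            raise ValueError("issuer loop at " + current)
        chain.append(current)
        owner, issuer = dns[current]
        if owner == issuer:  # self-signed root: top of the chain
            break
        if issuer not in by_owner:
            raise LookupError(f"no certificate for issuer {issuer!r} of {current}")
        current = by_owner[issuer]
    return chain[::-1]

def keytool_commands(order, keystore, key_alias="tomcat"):
    """CA certs get their own aliases; the server cert goes on the key's alias."""
    cmds = []
    for i, f in enumerate(order):
        alias = key_alias if i == len(order) - 1 else f"ca{i}"  # hypothetical CA aliases
        cmds.append(f"keytool -import -alias {alias} -keystore {keystore} -trustcacerts -file {f}")
    return cmds
```

Importing the server certificate under the alias that holds the private key is what lets keytool treat it as a certificate reply; the CA certificates imported before it are what the chain is built from.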

  5. #5

    Huh. I'm getting public key mismatch errors now. I guess I'll try and redownload these and see where that goes.

    Thanks so far.
