Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Concatenate the root and intermediaries files?

  1. #1
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Default Concatenate the root and intermediaries files?

    Can someone please explain how to Concatenate the root and intermediaries files found here

    How to manually install your commercial certificate in 5.x - Zimbra :: Wiki

  2. #2
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    12

    Default

    try
    cat file1 file2 >file3

  3. #3
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Default

    Quote Originally Posted by dijichi2 View Post
    try
    cat file1 file2 >file3
    I made the file and followed the wiki for command line install. Here is my error

    Error loading file cont.crt
    15510:error:0906D066:PEM routines:PEM_read_bio:bad end lineem_lib.c:746:
    15510:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:b y_file.c:280:
    usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_ check] [-engine e] cert1 cert2 ...
    recognized usages:
    sslclient SSL client
    sslserver SSL server
    nssslserver Netscape SSL server
    smimesign S/MIME signing
    smimeencrypt S/MIME encryption
    crlsign CRL signing
    any Any Purpose
    ocsphelper OCSP helper
    XXXXX ERROR: Invalid Certificate:
    XXXXX ERROR: provided cert isn't valid.

  4. #4
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    Quote Originally Posted by webaj View Post
    I made the file and followed the wiki for command line install. Here is my error
    Don't concat the certs. Individual x509 hashes need to be made of each cert in the chain.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  5. #5
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Default

    Quote Originally Posted by quanah View Post
    Don't concat the certs. Individual x509 hashes need to be made of each cert in the chain.

    --Quanah
    How do I make x509 hashes? Why does Zimbra make this so damn hard?

  6. #6
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Default

    Solved.

    I will write directions on how to use Digicert soon.

  7. #7
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    Quote Originally Posted by webaj View Post
    Why does Zimbra make this so damn hard?
    It isn't "Zimbra" making it hard. It's the way the SSL software (OpenSSL specifically) works.

    And sorry, I misread what you were doing. You do have to initically concat them for zmcertmgr to split them apart and generate the hashes.

    --Quanah
    Last edited by quanah; 02-12-2008 at 09:07 AM.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  8. #8
    Join Date
    Nov 2007
    Posts
    17
    Rep Power
    7

    Default

    Quote Originally Posted by quanah View Post
    It isn't "Zimbra" making it hard. It's the way the SSL software (OpenSSL specifically) works.
    --Quanah
    I have to disagree with that. SSL setup on many other systems is much easier. Probably due to good documentation.

    I accomplished the task with 4 commands. Only 1 is in the wiki and the 3 others are spread thought the forums and required modification.

    I will make a how to in case other people are using Digicert.

  9. #9
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    webaj did you post your digicert instructions anywhere yet?

    I have a *.domain.com wildcart cert as well, currently working for my webserver at www.domain.com. I copied the domain.com.crt , domain.com.key and DigiCert.crt file to the zimbra server to /opt/zimbra/ssl/zimbra/commercial/

    I ran
    ./zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/domain.com.crt /opt/zimbra/ssl/zimbra/commercial/DigiCertCA.crt

    but it complained about there being no commercial.key so i renamed my domain.com.key file to commercial.key and reran the command but now I get

    ** Verifying /opt/zimbra/ssl/zimbra/commercial/domain.com.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/ssl/zimbra/commercial/domain.com.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    XXXXX ERROR: Invalid Certificate: /opt/zimbra/ssl/zimbra/commercial/domain.com.crt: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global CA
    error 2 at 1 depth lookup:unable to get issuer certificate
    XXXXX ERROR: provided cert isn't valid.

    I agree a bit with the complicated part. I consider myself pretty brave but a lot of the wiki's involve doing things I'm afraid I'd be unable to undo if something went wrong.

  10. #10
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    ah, duh. i forgot to append the root cert to the bottom of digicert,crt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •