Move GeoTrust commercial certificate from 4.5.5 to 5.0.4
Here's my problem. I have the certificates from GeoTrust.
I have the .csr file that i sent to them to get the .crt file. I have also the .cer file.
The problem is that i cannot install this certificate into my Zimbra server.
I have the files:
- commercial_ca.crt which contains https://www.geotrust.com/resources/r..._Authority.cer
- commercial.key and commercial.key.dec that i got from my previous installation of Zimbra (4.5.5) on which the certificate worked well.
I tried to follow many how-to to get it running, but i still get errors.
** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: /C=CN/O=mail.sh.powere2e.com/OU=GT26680211/OU=See www.geotrust.com/resources/cps (c)07/OU=Domain Control Validated - QuickSSL(R)/CN=mail.mydomain.com
error 20 at 0 depth lookup:unable to get local issuer certificate
Re: Move GeoTrust commercial certificate from 4.5.5 to 5.0.4
I had gotten this same error and read the doc linked to above about certificate path validation. The signs seemed to point to a problem with the ca_chain. I quadruple-check my files for the the issued cert, root cert, and intermediate cert. What I missed, and what had caused the problem, was my commercial_ca.crt file in /opt/zimbra/ssl/zimbra/commercial. Instead of copying the combined root cert for my SSL cert provider and the intermediate cert, I had in error copied the issued cert. Be sure to check the content of your files!