Results 1 to 4 of 4

Thread: Move GeoTrust commercial certificate from 4.5.5 to 5.0.4

Hybrid View

  1. #1
    Join Date
    Apr 2008
    Posts
    1
    Rep Power
    7

    Default Move GeoTrust commercial certificate from 4.5.5 to 5.0.4

    Here's my problem. I have the certificates from GeoTrust.
    I have the .csr file that i sent to them to get the .crt file. I have also the .cer file.

    The problem is that i cannot install this certificate into my Zimbra server.
    I have the files:
    - commercial.crt
    - commercial.csr
    - commercial_ca.crt which contains https://www.geotrust.com/resources/r..._Authority.cer
    - commercial.key and commercial.key.dec that i got from my previous installation of Zimbra (4.5.5) on which the certificate worked well.

    I tried to follow many how-to to get it running, but i still get errors.

    Code:
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    XXXXX ERROR: Invalid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: /C=CN/O=mail.sh.powere2e.com/OU=GT26680211/OU=See www.geotrust.com/resources/cps (c)07/OU=Domain Control Validated - QuickSSL(R)/CN=mail.mydomain.com
    error 20 at 0 depth lookup:unable to get local issuer certificate

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Welcome to the forums

    Have you had a read of this Wiki entry ?

  3. #3
    Join Date
    Oct 2008
    Posts
    2
    Rep Power
    7

    Default Re: Move GeoTrust commercial certificate from 4.5.5 to 5.0.4

    I had gotten this same error and read the doc linked to above about certificate path validation. The signs seemed to point to a problem with the ca_chain. I quadruple-check my files for the the issued cert, root cert, and intermediate cert. What I missed, and what had caused the problem, was my commercial_ca.crt file in /opt/zimbra/ssl/zimbra/commercial. Instead of copying the combined root cert for my SSL cert provider and the intermediate cert, I had in error copied the issued cert. Be sure to check the content of your files!

  4. #4
    Join Date
    May 2006
    Location
    www.sjobeck.com
    Posts
    41
    Rep Power
    9

    Question


    I have installed a few dozen cert's on a few dozen boxes, as well as in to Zimbra, and feel like I understand it pretty well, however this specific server I am on today, is giving me this same error. I copied the cert' over to another machine & it verifies fine.

    I copy it to my totally up to date 10.5.8 Apple laptop & it fails to verify there too. I downloaded & redownloaded the authority's cert' & reverified it against that & it still fails. The server is centOS 5.3 x64 & brand new & up to date. I have read most all posts on this site & haven't gotten it yet. I have read a lot of posts on the openSSL mailing list as well & haven't gotten it yet. If any one has ever REALLY really wrestled with getting a Geotrust quickSSL cert' to verify on a Linux box, please chime in & I would be quite grateful. Cheers. Thanks. Peace.
    Thanks very much.

    Peace. Love. Linux.

    Jason Sjobeck
    xmpp:jason@sjobeck.com
    *Asterisk Consultant To The Stars *

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 04:08 AM
  2. Replies: 10
    Last Post: 04-08-2008, 07:37 AM
  3. Certificate fun...
    By TommyTheKid in forum Administrators
    Replies: 2
    Last Post: 02-12-2008, 05:32 PM
  4. Replies: 1
    Last Post: 11-05-2007, 06:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •