Results 1 to 9 of 9

Thread: Trying to install QuickSSL certificate without any luck

  1. #1
    Join Date
    Oct 2007
    Posts
    31
    Rep Power
    8

    Default Trying to install QuickSSL certificate without any luck

    Hi folks,

    I am trying to install a QuickSSL certificate on a Zimbra 5.0.5 OSS Edition installation, installed on CentOS 4.5.

    With the GUI I am getting the following error message:

    Code:
    Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=NL/O=mail.domainname.tld/OU=GT17839061/OU=See www.geotrust.com/resources/cps (c)08/OU=Domain Control Validated - QuickSSL(R)/CN=mail.domainname.tld
    When I try it on the console I get the following error:

    Code:
    sudo zmcertmgr deploycrt comm
    
    ** Verifying /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    XXXXX ERROR: Invalid Certificate: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=NL/O=mail.domainname.tld/OU=GT17839061/OU=See www.geotrust.com/resources/cps (c)08/OU=Domain Control Validated - QuickSSL(R)/CN=mail.domainname.tld
    error 20 at 0 depth lookup:unable to get local issuer certificate
    XXXXX ERROR: provided cert isn't valid.
    PS. I changed the real hostname in 'mail.domainname.tld' in the errors above here.

    I have downloaded the certificates statet here:
    SSL Certificate, SSL, Server Certificates, Web Server Certificates
    Without any luck.
    Maybe some of the zimbra dev's or somebody else with the right knowledge may help me with this case ?

    Thanks in advance

  2. #2
    Join Date
    Oct 2007
    Posts
    31
    Rep Power
    8

    Default

    Somebody who may help me and maybe others with the same problems ?

  3. #3
    Join Date
    Oct 2007
    Posts
    31
    Rep Power
    8

    Default

    Well, let's try it again...
    It can't be true that I am the only one with this problem, isn't it ?

  4. #4
    Join Date
    Nov 2007
    Posts
    10
    Rep Power
    8

    Default Similar problems...

    I have had the same problems in my attempts to load a commercial certificate. There are some comments on a couple of posts in the wiki about how to load the certs, and modify the zmcertmgr file. Check out this link in the wiki:

    Commercial Certificate in 5.x - Zimbra :: Wiki

    I attempted the install earlier in the week and it screwed up startup of Zimbra because of certificate failures when LDAP tried to load. I was able to correct the error by creating new certs and deploying them via the CLI.

    This Saturday I will attempt to more closely follow the wiki link, and start over. If I am successful, then I will post my notes for you. In the meantime, if you figure it out first, please post your success.

    Thanks...and goodluck.

  5. #5
    Join Date
    Oct 2007
    Posts
    31
    Rep Power
    8

    Default

    Nope I didn't succeed
    I did try to follow the howto but didn't worked out.

  6. #6
    Join Date
    Nov 2007
    Posts
    10
    Rep Power
    8

    Default Same report for me...

    I did my best to follow the wiki over the weekend, and I could not get the certs to install. I don't know if this is a bug in the 5.05 that I am running or something else, but it failed on attempts to install either Verisign trial cert or FreeSSL trial cert.

    I will try to do some more research this week and let you know if I come up with a working solution.

  7. #7
    Join Date
    Apr 2008
    Location
    Seattle
    Posts
    37
    Rep Power
    8

    Default I get the same problem with godaddy.com

    I got the 'Invalid Certificate Chain' error as well when using the certificate wizard in the admin interface to install a commercial cert from godaddy.com. I followed the wiki instructions to no avail.

    Code:
    Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    These are the files that I tried uploading via the certificate wizard after sending the generated csr to godaddy. I had to download these files from here: https://certs.godaddy.com/Repository.go, except for the server cert which was copied and pasted from my godaddy cert account into a text file (named with extention .cer via the godaddy instructions). I was forced to do the manual downloads because our spam filter service blocked the email with the attached certificate files.

    Certificate: my_server.cer (from my account)
    Root CA: gd-class2-root.crt (from the godaddy repository)
    Intermediate CA: gd_intermediate.crt (from the godaddy repository)
    Intermediate CA: gd_cross_intermediate.crt (from the godaddy repository)

    --ZCS OSS 5.0.4 on CentOS 5--

    Any help would be appreciated.

    -Paul

  8. #8
    Join Date
    Apr 2008
    Location
    Seattle
    Posts
    37
    Rep Power
    8

    Default godaddy chain complete

    Well I got the godaddy cert installed without the 'invalid cert chain' error (with the help of this thread). It turns out that I WAS installing the incorrect intermediate cert thus the cert chain wasn't going back to the CA. So this is officially what I uploaded in the web interface:

    Certificate: my_server.crt (copy/paste from my account)
    Root CA: gd-class2-root.crt (from the godaddy repository)
    Intermediate CA: gd_intermediate_bundle.crt (from the godaddy repository)

    the differences being that: 1. I changed the file extension of my server cert from cer to crt, and 2. that the gd_intermediate_bundle.crt is a concantination of the gd_intermediate.crt, gd_cross_intermediate.crt, and a third cert that matches no other cert that I had come across.

    If you want, you can go to the repository, download them and compare yourselves. Anyway, hope that helps a little for the original poster and the QuickSSL problem.

  9. #9
    Join Date
    May 2006
    Location
    www.sjobeck.com
    Posts
    41
    Rep Power
    10

    Default

    Thx for the very good extra notes on what made goDaddy fall in to line. The quickSSL product from geoTrust does not typically use an intermediate CA though. Just a tiny clarification is all.
    Thanks very much.

    Peace. Love. Linux.

    Jason Sjobeck
    xmpp:jason@sjobeck.com
    *Asterisk Consultant To The Stars *

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Certificate fun...
    By TommyTheKid in forum Administrators
    Replies: 2
    Last Post: 02-12-2008, 04:32 PM
  3. Replies: 0
    Last Post: 01-15-2008, 12:33 PM
  4. Replies: 1
    Last Post: 11-05-2007, 05:55 PM
  5. Replies: 21
    Last Post: 09-27-2007, 11:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •