Hi Everyone,

I successfully installed a commercial cert on a 5.0.5 installation. Then that installation got corrupted and my backups weren't any good. Luckily this system is not in production yet and I have a little time to start from scratch.

However, when I tried following the instructions to install a commercial cert onto a new 5.0.7 installation manually according to Commercial Certificate in 5.x - Zimbra :: Wiki

I get the following:

[root@kasha commercial]# ls -al
total 40
drwxr----- 2 root root 4096 Jul 3 15:27 .
drwxr----- 5 root root 4096 Jul 3 14:38 ..
-rw-r----- 1 root root 2436 May 22 14:37 commercial.crt
-rw-r----- 1 root root 887 May 20 14:28 commercial.key
-rw-r--r-- 1 root root 1127 Jul 3 15:27 ThawteServerCA_b64.txt

[root@kasha commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt ThawteServerCA_b64.txt
** Verifying commercial.crt against commercial.key
Certificate (commercial.crt) and private key (commercial.key) match.
Valid Certificate: commercial.crt: OK
[root@kasha commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt ThawteServerCA_b64.txt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: `commercial.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are the same file
** Appending ca chain ThawteServerCA_b64.txt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

XXXXX ERROR: failed to create jetty.pkcs12
No certificate matches private key

Can anyone tell me how to fix this? I have access to the old 5.0.5 setup and all of its files if needed. I'd really like to avoid getting another csr signed from Thawte, if possible. Thanks!

Martin