Results 1 to 5 of 5

Thread: Installing existing ssl certificates

  1. #1
    Join Date
    Oct 2009
    Posts
    7
    Rep Power
    6

    Default Installing existing ssl certificates

    Hi, I am a newbie when it comes to unix based OS's, zimbra and ssl and I have recently been given the assignment of setting up a zimbra server on ubuntu 8.04 using already purchased/ signed certificates from godaddy.com. I have the server up and running and the few remaining tasks include installing the ssl certificates I was provided. How do I go about this?

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

  3. #3
    Join Date
    Oct 2009
    Posts
    7
    Rep Power
    6

    Default

    Installation Prequisites

    This article is written for installations that meet the following prerequisites.

    * This is a new certificate.
    * You generated the CSR via the Administration Console.
    * You sent the CSR to get it signed
    * Download the following files from https://certs.godaddy.com/Repository.go
    * The /opt/zimbra/ssl/zimbra/commercial has two files:
    o commercial.key
    o commercial.csr

    If your certificate does not meet the above prerequisites, the following installation instructions may not work.
    ---------------------------------------------------------------------------------
    ZCS Version: Release 6.0.1_GA_1816.UBUNTU8_64 UBUNTU8_64 FOSS edition

    The certs I was provided with were not generated with the administration console, I was told they were signed. These are not new certs. Is it possible to install these ssl certs even though they do not meet that criteria?
    Last edited by jld1989; 10-19-2009 at 05:02 PM.

  4. #4
    Join Date
    Oct 2009
    Posts
    7
    Rep Power
    6

    Default

    I found a way to deploy the certs however it is causing an "Unable to determine enabled services from ldap. Enabled services read from cache. Service list may be inaccurate." error. I was provided with a matching .key and .crt file for the company domain as well as a gd_bundle.crt. The process I am using to deploy these certs is as follows. I first generate a commercial.csr and commercial.key file from the administration console. I then replace the commercial.key file with the key I was provided with, I rename it to commercial.key and adjust permission to match with original commercial.key file. I rename the gd_bundle.crt to commercial_ca.crt and rename the domains cert to commercial.crt and verify the certs with /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./commercial.crt ./commercial_ca.crt It is successful. I then proceed to deploy the certs using the /opt/zimbra/bin/zmcertmgr deploycrt comm ./commercial.crt. /commercial_ca.crt command and that to is successful.
    Following that I restart zimbra and I am then presented with this.

    Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Done.
    Starting mailbox...Done.
    Starting memcached...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.
    I am unable to access the administration console and the server is not functional in the least. Any help would be much appreciated.

    Oh, the cert I was provided with is a wild card cert.
    Last edited by jld1989; 10-21-2009 at 02:28 PM.

  5. #5
    Join Date
    Jan 2008
    Location
    Austin, TX
    Posts
    17
    Rep Power
    7

    Default

    Did you ever get your wildcard installed and working? I'd like to do the same but, I'm afraid I might break my install like yours is. Just wondering if you found a workaround. I extra cautious since I have multiple servers and breaking LDAP would break their functionality.

Similar Threads

  1. Installing commercial ssl on zimbra cs (network ed.)
    By keithop in forum Administrators
    Replies: 4
    Last Post: 04-28-2009, 04:16 PM
  2. [SOLVED] Installing existing SSL certificates (solved)
    By inigoml in forum Administrators
    Replies: 22
    Last Post: 02-24-2009, 09:32 AM
  3. [SOLVED] Installing mailboxd SSL certificates...failed
    By sohailm6 in forum Installation
    Replies: 2
    Last Post: 09-24-2008, 02:01 AM
  4. Replies: 0
    Last Post: 01-15-2008, 12:33 PM
  5. Replies: 1
    Last Post: 11-05-2007, 05:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •