Results 1 to 2 of 2

Thread: persistent errors comodo ssl certificate installation

  1. #1
    Join Date
    Jan 2009
    Rep Power

    Exclamation persistent errors comodo ssl certificate installation

    Since our certificate expired, I have been unable to install a new Comodo certificate.

    It is unclear to me, what are the exact steps to clean everything and start from scratch.

    The main steps I am taking are to generate a new CSR via the admin webconsole and submit that to Comodo, then to either via the commandline concatenate a bundle and verify the certificate - which generates an error - or install the certificate via the admin web console - which generates an error, also.

    The errors that are being generated are:
    (admin web console
    Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain:


    root@mail:/tmp# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/ commercial/commercial.key /tmp/manascmail_com.crt
    ** Verifying /tmp/manascmail_com.crt against /opt/zimbra/ssl/zimbra/commercial/c ommercial.key
    Certificate (/tmp/manascmail_com.crt) and private key (/opt/zimbra/ssl/zimbra/co mmercial/commercial.key) match.
    Error loading file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    19555:error:02001002:system library:fopen:No such file or directory:bss_file.c:1 26:fopen('/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt','r')
    19555:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:129:
    19555:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system li b:by_file.c:274:

    It seems obvious that the second error explains the invalid chain error, but I don't understand how I can generate a commercial_ca.crt.

    We are using Zimbra Release 6.0.1_GA_1816.UBUNTU8_64 UBUNTU8_64 FOSS edition.

    The new certificate has a 5 year validity.
    Zimbra was upgraded since the last certificate installation.

    Thanks for any input on this matter :-)

  2. #2
    Join Date
    Jan 2009
    Rep Power


    Ok, I copied the commercial_ca.crt to the correct dir

    Now I am (back) at an error I had in earlier attemps of installing the certificate:

    root@mail:/tmp# cp CARoot.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    root@mail:/tmp# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/manascmail_com.crt
    ** Verifying /tmp/manascmail_com.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/manascmail_com.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    XXXXX ERROR: Invalid Certificate: /tmp/manascmail_com.crt: /C=CA/ST=Alberta/L=Edmonton/O=Manasc Isaac Architects Ltd/OU=IT/OU=Comodo InstantSSL/

    error 20 at 0 depth lookup:unable to get local issuer certificate

    The article "Unable to get issuer certificate" is pointing to this article:
    Cryptography Tutorials - Herong's Tutorial Notes - OpenSSL - Certification Path and Validation which is an awesome read, but does not give me clear instructions on how to fix it.

    Any help still appreciated :-)

Similar Threads

  1. SSL Certificate installation
    By premoddev in forum Administrators
    Replies: 1
    Last Post: 10-24-2012, 09:37 AM
  2. ssl certificate installation
    By sikander in forum Installation
    Replies: 10
    Last Post: 11-19-2009, 04:07 AM
  3. SSL Certificate Installation for Multidomain name
    By syedbilalmasaud in forum Installation
    Replies: 4
    Last Post: 10-05-2009, 07:07 AM
  4. Replies: 5
    Last Post: 04-27-2009, 06:53 PM
  5. SSL Certificate Installation Problem
    By tkramis in forum Administrators
    Replies: 5
    Last Post: 05-07-2008, 04:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts