Results 1 to 6 of 6

Thread: New ipsCA will not install

  1. #1
    Join Date
    Oct 2007
    Posts
    70
    Rep Power
    8

    Default New ipsCA will not install

    Zimbra is not accepting the new ipsCA cert, even though I used the *same* cert request file that I used for the old cert.

    The error is:

    Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/aimbraAdmin/tmp/current_comm.key) pair.

    I am about ready to take this whole package and throw it out, I am so sick of it all. If it's not one thing, it's another going wrong with Zimbra.
    - Misty

  2. #2
    Join Date
    Jan 2007
    Location
    Minnesota
    Posts
    719
    Rep Power
    9

    Default

    I could still swear that I submitted the right CSR for a cert I recently got from startssl (in favor of which we dumped ipsCA for class 1 certs).

    But I clearly didn't. It matched the key for a completely different server that I'd submitted around the same time.

    Use the command line ~zimbra/bin/zmcertmgr verifycrt to match keys, certs, and trust chains, and zmcertmgr deploycrt to install.

    By the way, neither ipsCA nor startssl is going to be trusted by many cell phones. If that's important to you, GoDaddy's class 1 certs seem to be as low-end as you can go. They're not the $0 that ipsCA charges .edu's, but they're very inexpensive, especially if you do a web search for discount codes.

  3. #3
    Join Date
    Oct 2007
    Posts
    70
    Rep Power
    8

    Default

    Unfortunately this cert is a replaceemnt for an existing cert that is paid for two years in advance. To change now would not receive easy approval with management.
    - Misty

  4. #4
    Join Date
    Oct 2007
    Posts
    70
    Rep Power
    8

    Default

    I am getting a strange error now, is Zimbra not compatible with the new ipsCA certificates? I made a whole new certificate request this time.

    Here is the error:

    Zimbra Administration

    Your certificate was not installed due to the error: system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=ES/ST=MADRID/L=MADRID/O=ips Certification Authority/OU=Certificationes/CN=ipsCA Level 1 CA/emailAddress=ipscalevel1@ipsca.com

    I can understand where Zimbra would not like something I did, but rejecting a new Level 1 certificate that is working for many other people is something I do not understand.
    - Misty

  5. #5
    Join Date
    Dec 2009
    Location
    Singapore and India
    Posts
    42
    Rep Power
    6

    Default

    So I am assuming (since you have not mentioned) the following :

    - You have generated a new key and csr
    - Using the above you have requested a new crt (for extension)
    - You are installing using text-mode for installation on Zimbra

    The above steps would be a good way to get a new crt installed. The first error is certainly a mismatch between your key and crt files. You can always generate a new set of key/csr and request your crt to be re-keyed. Then install all three using the text-mode way.

    You can refer my older post here for console installation > http://www.zimbra.com/forums/165229-post3.html
    VBNCloud & VBNMail - Administrator
    Zimbra OSS with Full Cloud Files/Gallery Services [Under Dev]

  6. #6
    Join Date
    Oct 2007
    Posts
    70
    Rep Power
    8

    Default

    I can generate a new key, or I must generate a new key?

    The first time I tried this, ipsCA said I could jsut submit my original CSR, so I did that, sent it to ipsCA, got a new cert, and it did not work.

    The second time, I generated a new CSR, submitted it to ipsCA, got a new cert, and it does not work.

    This is command line or GUI, and I include the new ipsCA Level 1 and Intermediate certificates as well (of course).
    - Misty

Similar Threads

  1. [SOLVED] ipsCA SSL Certificate Install Problems (Zimbra 5.0.7)
    By thunder04 in forum General Questions
    Replies: 3
    Last Post: 08-14-2008, 09:50 AM
  2. Replies: 21
    Last Post: 09-27-2007, 12:49 PM
  3. Replies: 16
    Last Post: 11-29-2006, 10:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •