Results 1 to 5 of 5

Thread: Problem installing certificate

  1. #1
    Join Date
    Jan 2012
    Posts
    3
    Rep Power
    3

    Default Problem installing certificate

    Hi everyone,

    I'm currently trying to install a certificate in a Zimbra installation. The certificate is already working with the Apache2 webserver. The CRS was created with the system's openssl installation.

    When doing
    Code:
    /opt/zimbra/bin/zmcertmgr verifycrt comm private.key public.crt intermediate.crt
    I get the following error:
    Code:
    error 2 at 2 depth lookup:unable to get issuer certificate
    That error is produced by the following call:
    Code:
    /opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile intermediate.crt public.crt
    But when doing the same call with the system's openssl installation:
    Code:
    /usr/bin/openssl verify -purpose sslserver -CAfile intermediate.crt public.crt
    I get the following output:
    Code:
    public.crt: OK
    The only difference I could find between the two openssl instances was:

    Code:
    /usr/bin/openssl version
    OpenSSL 0.9.8k 25 Mar 2009
    
    /opt/zimbra/openssl/bin/openssl version
    OpenSSL 0.9.8o 01 Jun 2010
    So, eventually the question is: how to solve the problem?

  2. #2
    Join Date
    Jan 2012
    Posts
    3
    Rep Power
    3

    Default

    Hi vavai,

    The issuer is Thawte.

  3. #3
    Join Date
    Jan 2012
    Posts
    3
    Rep Power
    3

    Default

    Thank you, concatinating the root certificate to the intermediate one did the trick.

    Someone should seriously write that down that the openssl version of Zimbra requires the root certificate as well, and not only the intermediate one.
    Last edited by dasprid; 01-04-2012 at 10:13 AM.

  4. #4
    Join Date
    Jan 2012
    Posts
    1
    Rep Power
    3

    Default

    Quote Originally Posted by dasprid View Post
    Hi everyone,

    I'm currently trying to install a certificate in a Zimbra installation. The certificate is already working with the Apache2 webserver. The CRS was created with the system's openssl installation.

    When doing
    Code:
    /opt/zimbra/bin/zmcertmgr verifycrt comm private.key public.crt intermediate.crt
    I get the following error:
    Code:
    error 2 at 2 depth lookup:unable to get issuer certificate
    That error is produced by the following call:
    Code:
    /opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile intermediate.crt public.crt
    But when doing the same call with the system's openssl installation:
    Code:
    /usr/bin/openssl verify -purpose sslserver -CAfile intermediate.crt public.crt
    I get the following output:
    Code:
    public.crt: OK
    The only difference I could find between the two openssl instances was:

    Code:
    /usr/bin/openssl version
    OpenSSL 0.9.8k 25 Mar 2009
    
    /opt/zimbra/openssl/bin/openssl version
    OpenSSL 0.9.8o 01 Jun 2010
    So, eventually the question is: how to solve the problem?

    Thank you, concatinating the root certificate to the intermediate one did the trick.

  5. #5
    Join Date
    Dec 2010
    Posts
    24
    Rep Power
    4

    Default

    Quote Originally Posted by dasprid View Post
    Thank you, concatinating the root certificate to the intermediate one did the trick.

    Someone should seriously write that down that the openssl version of Zimbra requires the root certificate as well, and not only the intermediate one.
    I had this same problem and was also able to resolve it by concatenating the root certificate with the intermediate ones. I have added a note about this to the wiki on this page:
    Preexisting Certifcate Installation for Zimbra 6.0 - Zimbra :: Wiki

Similar Threads

  1. Replies: 4
    Last Post: 03-18-2008, 09:03 AM
  2. Replies: 5
    Last Post: 11-19-2007, 09:26 AM
  3. Replies: 1
    Last Post: 11-05-2007, 05:55 PM
  4. I met a refused problem (installing source code):
    By wildhuman in forum Developers
    Replies: 1
    Last Post: 09-05-2006, 03:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •