Concatenate the root and intermediaries files?

Ask questions about your setup or get help installing ZCS server (ZD section below).
webaj
Posts: 17
Joined: Fri Sep 12, 2014 11:13 pm

Concatenate the root and intermediaries files?

Postby webaj » Mon Feb 11, 2008 8:53 am

Can someone please explain how to Concatenate the root and intermediaries files found here
How to manually install your commercial certificate in 5.x - Zimbra :: Wiki


dijichi2
Elite member
Elite member
Posts: 1133
Joined: Fri Sep 12, 2014 10:00 pm

Concatenate the root and intermediaries files?

Postby dijichi2 » Mon Feb 11, 2008 9:23 am

try

cat file1 file2 >file3
webaj
Posts: 17
Joined: Fri Sep 12, 2014 11:13 pm

Concatenate the root and intermediaries files?

Postby webaj » Mon Feb 11, 2008 3:45 pm

[quote user="dijichi2"]try

cat file1 file2 >file3[/QUOTE]
I made the file and followed the wiki for command line install. Here is my error
Error loading file cont.crt

15510:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:746:

15510:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:b y_file.c:280:

usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_ check] [-engine e] cert1 cert2 ...

recognized usages:

sslclient SSL client

sslserver SSL server

nssslserver Netscape SSL server

smimesign S/MIME signing

smimeencrypt S/MIME encryption

crlsign CRL signing

any Any Purpose

ocsphelper OCSP helper

XXXXX ERROR: Invalid Certificate:

XXXXX ERROR: provided cert isn't valid.
User avatar
quanah
Zimbra Alumni
Zimbra Alumni
Posts: 1666
Joined: Fri Sep 12, 2014 10:33 pm
Contact:

Concatenate the root and intermediaries files?

Postby quanah » Tue Feb 12, 2008 1:20 am

[quote user="webaj"]I made the file and followed the wiki for command line install. Here is my error

[/QUOTE]

Don't concat the certs. Individual x509 hashes need to be made of each cert in the chain.
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
webaj
Posts: 17
Joined: Fri Sep 12, 2014 11:13 pm

Concatenate the root and intermediaries files?

Postby webaj » Tue Feb 12, 2008 6:14 am

[quote user="quanah"]Don't concat the certs. Individual x509 hashes need to be made of each cert in the chain.
--Quanah[/QUOTE]
How do I make x509 hashes? Why does Zimbra make this so damn hard?
webaj
Posts: 17
Joined: Fri Sep 12, 2014 11:13 pm

Concatenate the root and intermediaries files?

Postby webaj » Tue Feb 12, 2008 9:11 am

Solved.
I will write directions on how to use Digicert soon.
User avatar
quanah
Zimbra Alumni
Zimbra Alumni
Posts: 1666
Joined: Fri Sep 12, 2014 10:33 pm
Contact:

Concatenate the root and intermediaries files?

Postby quanah » Tue Feb 12, 2008 10:08 am

[quote user="webaj"]Why does Zimbra make this so damn hard?[/QUOTE]
It isn't "Zimbra" making it hard. It's the way the SSL software (OpenSSL specifically) works.
And sorry, I misread what you were doing. You do have to initically concat them for zmcertmgr to split them apart and generate the hashes.
--Quanah
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
webaj
Posts: 17
Joined: Fri Sep 12, 2014 11:13 pm

Concatenate the root and intermediaries files?

Postby webaj » Tue Feb 12, 2008 11:25 am

[quote user="quanah"]It isn't "Zimbra" making it hard. It's the way the SSL software (OpenSSL specifically) works.

--Quanah[/QUOTE]
I have to disagree with that. SSL setup on many other systems is much easier. Probably due to good documentation.
I accomplished the task with 4 commands. Only 1 is in the wiki and the 3 others are spread thought the forums and required modification.
I will make a how to in case other people are using Digicert.
bdial
Elite member
Elite member
Posts: 1633
Joined: Fri Sep 12, 2014 10:39 pm

Concatenate the root and intermediaries files?

Postby bdial » Wed Feb 13, 2008 8:31 am

webaj did you post your digicert instructions anywhere yet?
I have a *.domain.com wildcart cert as well, currently working for my webserver at http://www.domain.com. I copied the domain.com.crt , domain.com.key and DigiCert.crt file to the zimbra server to /opt/zimbra/ssl/zimbra/commercial/
I ran

./zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/domain.com.crt /opt/zimbra/ssl/zimbra/commercial/DigiCertCA.crt
but it complained about there being no commercial.key so i renamed my domain.com.key file to commercial.key and reran the command but now I get
** Verifying /opt/zimbra/ssl/zimbra/commercial/domain.com.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key

Certificate (/opt/zimbra/ssl/zimbra/commercial/domain.com.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.

XXXXX ERROR: Invalid Certificate: /opt/zimbra/ssl/zimbra/commercial/domain.com.crt: /C=US/O=DigiCert Inc/OU=http://www.digicert.com/CN=DigiCert Global CA

error 2 at 1 depth lookup:unable to get issuer certificate

XXXXX ERROR: provided cert isn't valid.
I agree a bit with the complicated part. I consider myself pretty brave but a lot of the wiki's involve doing things I'm afraid I'd be unable to undo if something went wrong.
bdial
Elite member
Elite member
Posts: 1633
Joined: Fri Sep 12, 2014 10:39 pm

Concatenate the root and intermediaries files?

Postby bdial » Wed Feb 13, 2008 1:23 pm

ah, duh. i forgot to append the root cert to the bottom of digicert,crt

Return to “Installation and Upgrade”

Who is online

Users browsing this forum: Google [Bot] and 3 guests