Page 1 of 1

CA Cert

Posted: Wed Jun 11, 2008 9:51 am
by 4610silbro
Hello,
I don't understand what I am doing wrong... I want to install a CA Certificate (root certificate) but somehow can't get it done. I have the Server 5.0.6 and use the tool that you guys provide with Zimbra. I use the file that Zimbra makes and then make a key on cacert.org, so far everything works fine :) then i save what cacert.org made (the key) to a seperate file. I have tried .crt .pem. Both eventually don't work. And I also took the root certificate from cacert.org. Also all variants there are. Always gave me an error. What are the steps I need to follow? I feel so dumb not being able to achieve this with a tool... :(

CA Cert

Posted: Mon Jun 16, 2008 6:52 am
by 4610silbro
Is there nobody that can give me a little tutorial on this :X

CA Cert

Posted: Tue Jun 17, 2008 12:48 pm
by mlanner
I posted my specific problem in this thread:
http://www.zimbra.com/forums/installation/19168-commercial-certificate-installation-failed-create-jetty-pkcs12.html
>... but I think that overall this seems to be an issue. I don't think the documentation of this is terribly clear. Of course, it could just be me not getting it, but I see a lot of people here in forums asking very similar questions and having issues. If someone from Zimbra could help a little bit on this particular issue, I think a lot of us would appreciate it a lot. At least I know I would. :)
Thanks in advance.

CA Cert

Posted: Tue Jun 17, 2008 4:35 pm
by 4610silbro
I agree on the not so clear documentation. I always try to figure out things on my own, but here I just had no luck finding the documentation I need :) The one I read just leaves too many questions for noobs like me ;) Overall I do understand it... and also how certificates work (also made them before).

CA Cert

Posted: Tue Jun 17, 2008 8:05 pm
by mlanner
I'm marking this solved from my end.
Here's what I did:


    Used the Zimbra certificate wizard to "Generate the CSR for the commercial certificate authorizer."


    Purchased a certificate from GeoTrust using the CSR.


    Downloaded one of GeoTrust's root certificates in .cer format from their website.


    Once I had my .crt and the root .cer, I went back to the Zimbra certificate wizard and did the following:

    Selected the server name for which I wanted to install the certificate. (Originally I selected "--- All Servers ---" here. I think that is what caused the problem. Once I selected just one of the servers in the list, it worked fine.)


    At the Root / Root CA / Intermediate CA screen I browsed for my certificate (.crt) and the root CA (.cer) AND removed the Intermediate CA, as I didn't need that, clicked next ...


    Waited a little ... and the wizard told me it had been successfully installed.

    Rebooted the server (like the wizard told me to) ... and it now works just fine.

Hope this helps someone else.

CA Cert

Posted: Wed Oct 08, 2008 1:40 pm
by brained
[quote user="mlanner"]I'm marking this solved from my end.
Here's what I did:


    Used the Zimbra certificate wizard to "Generate the CSR for the commercial certificate authorizer."


    Purchased a certificate from GeoTrust using the CSR.


    Downloaded one of GeoTrust's root certificates in .cer format from their website.


    Once I had my .crt and the root .cer, I went back to the Zimbra certificate wizard and did the following:

    Selected the server name for which I wanted to install the certificate. (Originally I selected "--- All Servers ---" here. I think that is what caused the problem. Once I selected just one of the servers in the list, it worked fine.)


    At the Root / Root CA / Intermediate CA screen I browsed for my certificate (.crt) and the root CA (.cer) AND removed the Intermediate CA, as I didn't need that, clicked next ...


    Waited a little ... and the wizard told me it had been successfully installed.

    Rebooted the server (like the wizard told me to) ... and it now works just fine.

Hope this helps someone else.[/QUOTE]

Which root cert did you use? I also have a cert from GeoTrust and due to a upgrade error had it reissued. Now I get a Invalid Certificate Chain message when installing it. I previously used Equifax_Secure_Certificate_Authority.cer, but none of the eight root certs from GeoTrust get me past the error.

CA Cert

Posted: Wed Oct 08, 2008 2:37 pm
by mlanner
I think I just used root cert number one. I can't remember 100%, but I'm fairly certain that's what I used.