Unmatching certificate

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Martinwiertz
Posts: 45
Joined: Sat Sep 13, 2014 3:55 am

Unmatching certificate

Postby Martinwiertz » Sun Jan 31, 2016 3:14 pm

Hi,



I need your assistance, please.


I generated a CSR to mij server zimbra.A.local and have an external internet domain called zimbra.A.info. The only difference is .local and .info.


The CSR check with Symantec provides an error. Invalid subject alternative name (SAN). The names zimbra.A.local and www.A.info are displayed.



My analisys is that is should change my Zimbra servername and reapply for a certificate without .local name. Correct?


Verificrt:


/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.


Versie 8.6.0_GA_1191.NETWORK 16 dec 2015



imanudin11
Outstanding Member
Outstanding Member
Posts: 297
Joined: Sat Sep 13, 2014 2:23 am
ZCS/ZD Version: Release 8.8.15.GA.3829.UBUNTU16.64
Contact:

Unmatching certificate

Postby imanudin11 » Mon Feb 01, 2016 1:39 am

Hi


[quote user="Martinwiertz"]


Hi,



I need your assistance, please.


I generated a CSR to mij server zimbra.A.local and have an external internet domain called zimbra.A.info. The only difference is .local and .info.


The CSR check with Symantec provides an error. Invalid subject alternative name (SAN). The names zimbra.A.local and www.A.info are displayed.



My analisys is that is should change my Zimbra servername and reapply for a certificate without .local name. Correct?


[/quote]


I think it's could be the reason :)


[quote]


Verificrt:


/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.


Versie 8.6.0_GA_1191.NETWORK 16 dec 2015



[/quote]


Are you generate CSR in same server (Zimbra) or from other server? if from other server, please copy commercial.key and placed in /opt/zimbra/ssl/zimbra/commercial/ folder

**

Best Regards,
Ahmad Imanudin - Sharing is Beautiful !
Personal Blog [EN] :http://www.imanudin.net
Martinwiertz
Posts: 45
Joined: Sat Sep 13, 2014 3:55 am

Unmatching certificate

Postby Martinwiertz » Mon Feb 01, 2016 1:47 am

Ahmad,



Thanks for your reply... so change servername is key. Hmm, hoped this wouldn't be necessary due to impact. Everything has to be ok or Zimbra won't run anymore. I have a daily backup. :-)



I am administering at the machine. File location is ok. Commercial.key is not a file which is provided by certificate CA. only CRT-files.
Martinwiertz
Posts: 45
Joined: Sat Sep 13, 2014 3:55 am

Unmatching certificate

Postby Martinwiertz » Mon Feb 01, 2016 11:37 am

Hello,



It's solved!!



Solution was comparison of the original commercial.key with the new commercial certificate. The stdin code must be equal. With some much appreciated help from www.sslcertificaten.nl it worked.



https://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools



/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt



/opt/zimbra/bin/zmcertmgr viewdeployedcrt



Thanks!

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 17 guests