Trying to install QuickSSL certificate without any luck
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:10 pm
Trying to install QuickSSL certificate without any luck
Hi folks,
I am trying to install a QuickSSL certificate on a Zimbra 5.0.5 OSS Edition installation, installed on CentOS 4.5.
With the GUI I am getting the following error message:
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=NL/O=mail.domainname.tld/OU=GT17839061/OU=See http://www.geotrust.com/resources/cps"> ... ources/cps (c)08/OU=Domain Control Validated - QuickSSL(R)/CN=mail.domainname.tld
When I try it on the console I get the following error:
sudo zmcertmgr deploycrt comm
** Verifying /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=NL/O=mail.domainname.tld/OU=GT17839061/OU=See http://www.geotrust.com/resources/cps"> ... ources/cps (c)08/OU=Domain Control Validated - QuickSSL(R)/CN=mail.domainname.tld
error 20 at 0 depth lookup:unable to get local issuer certificate
XXXXX ERROR: provided cert isn't valid.
PS. I changed the real hostname in 'mail.domainname.tld' in the errors above here.
I have downloaded the certificates statet here:
SSL Certificate, SSL, Server Certificates, Web Server Certificates
Without any luck.
Maybe some of the zimbra dev's or somebody else with the right knowledge may help me with this case ?
Thanks in advance
I am trying to install a QuickSSL certificate on a Zimbra 5.0.5 OSS Edition installation, installed on CentOS 4.5.
With the GUI I am getting the following error message:
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=NL/O=mail.domainname.tld/OU=GT17839061/OU=See http://www.geotrust.com/resources/cps"> ... ources/cps (c)08/OU=Domain Control Validated - QuickSSL(R)/CN=mail.domainname.tld
When I try it on the console I get the following error:
sudo zmcertmgr deploycrt comm
** Verifying /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=NL/O=mail.domainname.tld/OU=GT17839061/OU=See http://www.geotrust.com/resources/cps"> ... ources/cps (c)08/OU=Domain Control Validated - QuickSSL(R)/CN=mail.domainname.tld
error 20 at 0 depth lookup:unable to get local issuer certificate
XXXXX ERROR: provided cert isn't valid.
PS. I changed the real hostname in 'mail.domainname.tld' in the errors above here.
I have downloaded the certificates statet here:
SSL Certificate, SSL, Server Certificates, Web Server Certificates
Without any luck.
Maybe some of the zimbra dev's or somebody else with the right knowledge may help me with this case ?
Thanks in advance
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:10 pm
Trying to install QuickSSL certificate without any luck
Somebody who may help me and maybe others with the same problems ?
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:10 pm
Trying to install QuickSSL certificate without any luck
Well, let's try it again...
It can't be true that I am the only one with this problem, isn't it ?
It can't be true that I am the only one with this problem, isn't it ?
-
- Posts: 8
- Joined: Fri Sep 12, 2014 11:12 pm
Trying to install QuickSSL certificate without any luck
I have had the same problems in my attempts to load a commercial certificate. There are some comments on a couple of posts in the wiki about how to load the certs, and modify the zmcertmgr file. Check out this link in the wiki:
Commercial Certificate in 5.x - Zimbra :: Wiki
I attempted the install earlier in the week and it screwed up startup of Zimbra because of certificate failures when LDAP tried to load. I was able to correct the error by creating new certs and deploying them via the CLI.
This Saturday I will attempt to more closely follow the wiki link, and start over. If I am successful, then I will post my notes for you. In the meantime, if you figure it out first, please post your success.
Thanks...and goodluck.
Commercial Certificate in 5.x - Zimbra :: Wiki
I attempted the install earlier in the week and it screwed up startup of Zimbra because of certificate failures when LDAP tried to load. I was able to correct the error by creating new certs and deploying them via the CLI.
This Saturday I will attempt to more closely follow the wiki link, and start over. If I am successful, then I will post my notes for you. In the meantime, if you figure it out first, please post your success.
Thanks...and goodluck.
-
- Posts: 32
- Joined: Fri Sep 12, 2014 11:10 pm
Trying to install QuickSSL certificate without any luck
Nope I didn't succeed
I did try to follow the howto but didn't worked out.
I did try to follow the howto but didn't worked out.
-
- Posts: 8
- Joined: Fri Sep 12, 2014 11:12 pm
Trying to install QuickSSL certificate without any luck
I did my best to follow the wiki over the weekend, and I could not get the certs to install. I don't know if this is a bug in the 5.05 that I am running or something else, but it failed on attempts to install either Verisign trial cert or FreeSSL trial cert.
I will try to do some more research this week and let you know if I come up with a working solution.
I will try to do some more research this week and let you know if I come up with a working solution.
-
- Posts: 36
- Joined: Fri Sep 12, 2014 11:28 pm
Trying to install QuickSSL certificate without any luck
I got the 'Invalid Certificate Chain' error as well when using the certificate wizard in the admin interface to install a commercial cert from godaddy.com. I followed the wiki instructions to no avail.
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
These are the files that I tried uploading via the certificate wizard after sending the generated csr to godaddy. I had to download these files from here: https://certs.godaddy.com/Repository.go[/url], except for the server cert which was copied and pasted from my godaddy cert account into a text file (named with extention .cer via the godaddy instructions). I was forced to do the manual downloads because our spam filter service blocked the email with the attached certificate files.
Certificate: my_server.cer (from my account)
Root CA: gd-class2-root.crt (from the godaddy repository)
Intermediate CA: gd_intermediate.crt (from the godaddy repository)
Intermediate CA: gd_cross_intermediate.crt (from the godaddy repository)
--ZCS OSS 5.0.4 on CentOS 5--
Any help would be appreciated.
-Paul
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate Chain: /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
These are the files that I tried uploading via the certificate wizard after sending the generated csr to godaddy. I had to download these files from here: https://certs.godaddy.com/Repository.go[/url], except for the server cert which was copied and pasted from my godaddy cert account into a text file (named with extention .cer via the godaddy instructions). I was forced to do the manual downloads because our spam filter service blocked the email with the attached certificate files.
Certificate: my_server.cer (from my account)
Root CA: gd-class2-root.crt (from the godaddy repository)
Intermediate CA: gd_intermediate.crt (from the godaddy repository)
Intermediate CA: gd_cross_intermediate.crt (from the godaddy repository)
--ZCS OSS 5.0.4 on CentOS 5--
Any help would be appreciated.
-Paul
-
- Posts: 36
- Joined: Fri Sep 12, 2014 11:28 pm
Trying to install QuickSSL certificate without any luck
Well I got the godaddy cert installed without the 'invalid cert chain' error (with the help of this thread). It turns out that I WAS installing the incorrect intermediate cert thus the cert chain wasn't going back to the CA. So this is officially what I uploaded in the web interface:
Certificate: my_server.crt (copy/paste from my account)
Root CA: gd-class2-root.crt (from the godaddy repository)
Intermediate CA: gd_intermediate_bundle.crt (from the godaddy repository)
the differences being that: 1. I changed the file extension of my server cert from cer to crt, and 2. that the gd_intermediate_bundle.crt is a concantination of the gd_intermediate.crt, gd_cross_intermediate.crt, and a third cert that matches no other cert that I had come across.
If you want, you can go to the repository, download them and compare yourselves. Anyway, hope that helps a little for the original poster and the QuickSSL problem.
Certificate: my_server.crt (copy/paste from my account)
Root CA: gd-class2-root.crt (from the godaddy repository)
Intermediate CA: gd_intermediate_bundle.crt (from the godaddy repository)
the differences being that: 1. I changed the file extension of my server cert from cer to crt, and 2. that the gd_intermediate_bundle.crt is a concantination of the gd_intermediate.crt, gd_cross_intermediate.crt, and a third cert that matches no other cert that I had come across.
If you want, you can go to the repository, download them and compare yourselves. Anyway, hope that helps a little for the original poster and the QuickSSL problem.
-
- Posts: 41
- Joined: Fri Sep 12, 2014 10:11 pm
Trying to install QuickSSL certificate without any luck
Thx for the very good extra notes on what made goDaddy fall in to line. The quickSSL product from geoTrust does not typically use an intermediate CA though. Just a tiny clarification is all.