[SOLVED] Can't get SBS Instant Certificate Root "amp;amp; Intermediate to install

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
3545jallen
Posts: 19
Joined: Fri Sep 12, 2014 10:42 pm

[SOLVED] Can't get SBS Instant Certificate Root "amp;amp; Intermediate to install

Post by 3545jallen »

I tried the Zimbra 5.07 GUI... it won't install- I get :
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Invalid Certificate: Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: Invalid Certificate:
What I did:
Saved the Cert text as client.domain.com.crt and uploaded that along with the package A SBS-Instant packages as outlined here:
Secure Business Services - SSL,Secure Socket Layer,128-bit,validated,trusted,online transaction


And then I hit "Install Now" in the Zimbra 5.07 Admin Console... That;s when I get the error message.
I suppose I need to follow the rest of the directions? I was hoping that the Zimbra Admin installer would do the rest if I simply plug in the files that it needed..
Any one out there successfully install a SBS Instant Certificate on Zimbra? What are some gotchas?
Thanks,
Tim
3545jallen
Posts: 19
Joined: Fri Sep 12, 2014 10:42 pm

[SOLVED] Can't get SBS Instant Certificate Root "amp;amp; Intermediate to install

Post by 3545jallen »

I got it.
All I had to do was install for "-- all servers--" instead of choosing the specific domain that the certificate was purchased for. That was counter-intuitive to me, as --all server-- to me implied a wildcard certificate.
Anyway it was this thread that set me straight:


I">http://www.zimbra.com/forums/administra ... icate.html
I wanted to follow up here to seed the search engine with some more hits for SBS Instant Certificate. ;-)
3545jallen
Posts: 19
Joined: Fri Sep 12, 2014 10:42 pm

[SOLVED] Can't get SBS Instant Certificate Root "amp;amp; Intermediate to install

Post by 3545jallen »

Having same problem again :P
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key) pair. Message: Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key) pair. Error code: ZaCertWizard.prototype.in...
I think it is because I forgot the above advice and made a CSR for zimbra.server.com instead of --all server-- and then proceeded to use the CSR code on SBS Instant Certificate order page on eNom... Am I screwed now?
I'm not sure how to renew certificates.. do I delete first?
3545jallen
Posts: 19
Joined: Fri Sep 12, 2014 10:42 pm

[SOLVED] Can't get SBS Instant Certificate Root "amp;amp; Intermediate to install

Post by 3545jallen »

Do I delete old certificate first?
I am still unable to renew my certificate.. I create a new CSR, and use that to make a new certificate, and then I install root, intermediate, and the certificate..
Result:
Your certificate was not installed due to the error : system failure XXXXX ERROR : Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key) pair.
I've already purchased a second certificate thinking my problem was specifying "zimbra.server.com" instead of --all server-- so generated CSR for --all server-- with same results.
Help please?
All done in admin GUI...
3545jallen
Posts: 19
Joined: Fri Sep 12, 2014 10:42 pm

[SOLVED] Can't get SBS Instant Certificate Root "amp;amp; Intermediate to install

Post by 3545jallen »

Ok, the fix was to INSTALL as zimbra.server.com NOT --all server-- after I made a CSR for --all server--
It finally took. I probably wasted my money on multiple certificates trying to solve this... I bet the first one would have worked.
When I first installed my FIRST commercial certificate I had to do --all server-- but when I replaced that certificate one year later, I had to do zimbra.server.com...
*scratching head*
Post Reply