Hi,
I need your assistance, please.
I generated a CSR to mij server zimbra.A.local and have an external internet domain called zimbra.A.info. The only difference is .local and .info.
The CSR check with Symantec provides an error. Invalid subject alternative name (SAN). The names zimbra.A.local and www.A.info are displayed.
My analisys is that is should change my Zimbra servername and reapply for a certificate without .local name. Correct?
Verificrt:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.
Versie 8.6.0_GA_1191.NETWORK 16 dec 2015
Unmatching certificate
-
- Advanced member
- Posts: 85
- Joined: Sat Sep 13, 2014 3:55 am
- Location: The Netherlands
- ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04
-
- Outstanding Member
- Posts: 304
- Joined: Sat Sep 13, 2014 2:23 am
- ZCS/ZD Version: Release 8.8.15.GA.3829.UBUNTU16.64
- Contact:
Unmatching certificate
Hi
[quote user="Martinwiertz"]
Hi,
I need your assistance, please.
I generated a CSR to mij server zimbra.A.local and have an external internet domain called zimbra.A.info. The only difference is .local and .info.
The CSR check with Symantec provides an error. Invalid subject alternative name (SAN). The names zimbra.A.local and www.A.info are displayed.
My analisys is that is should change my Zimbra servername and reapply for a certificate without .local name. Correct?
[/quote]
I think it's could be the reason
[quote]
Verificrt:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.
Versie 8.6.0_GA_1191.NETWORK 16 dec 2015
[/quote]
Are you generate CSR in same server (Zimbra) or from other server? if from other server, please copy commercial.key and placed in /opt/zimbra/ssl/zimbra/commercial/ folder
[quote user="Martinwiertz"]
Hi,
I need your assistance, please.
I generated a CSR to mij server zimbra.A.local and have an external internet domain called zimbra.A.info. The only difference is .local and .info.
The CSR check with Symantec provides an error. Invalid subject alternative name (SAN). The names zimbra.A.local and www.A.info are displayed.
My analisys is that is should change my Zimbra servername and reapply for a certificate without .local name. Correct?
[/quote]
I think it's could be the reason
[quote]
Verificrt:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.
Versie 8.6.0_GA_1191.NETWORK 16 dec 2015
[/quote]
Are you generate CSR in same server (Zimbra) or from other server? if from other server, please copy commercial.key and placed in /opt/zimbra/ssl/zimbra/commercial/ folder
**
Best Regards,
Ahmad Imanudin - Sharing is Beautiful !
Personal Blog [EN] :http://www.imanudin.net
Best Regards,
Ahmad Imanudin - Sharing is Beautiful !
Personal Blog [EN] :http://www.imanudin.net
-
- Advanced member
- Posts: 85
- Joined: Sat Sep 13, 2014 3:55 am
- Location: The Netherlands
- ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04
Unmatching certificate
Ahmad,
Thanks for your reply... so change servername is key. Hmm, hoped this wouldn't be necessary due to impact. Everything has to be ok or Zimbra won't run anymore. I have a daily backup.
I am administering at the machine. File location is ok. Commercial.key is not a file which is provided by certificate CA. only CRT-files.
Thanks for your reply... so change servername is key. Hmm, hoped this wouldn't be necessary due to impact. Everything has to be ok or Zimbra won't run anymore. I have a daily backup.
I am administering at the machine. File location is ok. Commercial.key is not a file which is provided by certificate CA. only CRT-files.
-
- Advanced member
- Posts: 85
- Joined: Sat Sep 13, 2014 3:55 am
- Location: The Netherlands
- ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04
Unmatching certificate
Hello,
It's solved!!
Solution was comparison of the original commercial.key with the new commercial certificate. The stdin code must be equal. With some much appreciated help from www.sslcertificaten.nl it worked.
https://wiki.zimbra.com/wiki/Administra ... cate_Tools
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Thanks!
It's solved!!
Solution was comparison of the original commercial.key with the new commercial certificate. The stdin code must be equal. With some much appreciated help from www.sslcertificaten.nl it worked.
https://wiki.zimbra.com/wiki/Administra ... cate_Tools
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Thanks!