Unmatching certificate

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
Martinwiertz
Advanced member
Advanced member
Posts: 85
Joined: Sat Sep 13, 2014 3:55 am
Location: The Netherlands
ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04

Unmatching certificate

Post by Martinwiertz »

Hi,

I need your assistance, please.
I generated a CSR to mij server zimbra.A.local and have an external internet domain called zimbra.A.info. The only difference is .local and .info.
The CSR check with Symantec provides an error. Invalid subject alternative name (SAN). The names zimbra.A.local and www.A.info are displayed.

My analisys is that is should change my Zimbra servername and reapply for a certificate without .local name. Correct?
Verificrt:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.
Versie 8.6.0_GA_1191.NETWORK 16 dec 2015
imanudin11
Outstanding Member
Outstanding Member
Posts: 304
Joined: Sat Sep 13, 2014 2:23 am
ZCS/ZD Version: Release 8.8.15.GA.3829.UBUNTU16.64
Contact:

Unmatching certificate

Post by imanudin11 »

Hi
[quote user="Martinwiertz"]
Hi,

I need your assistance, please.
I generated a CSR to mij server zimbra.A.local and have an external internet domain called zimbra.A.info. The only difference is .local and .info.
The CSR check with Symantec provides an error. Invalid subject alternative name (SAN). The names zimbra.A.local and www.A.info are displayed.

My analisys is that is should change my Zimbra servername and reapply for a certificate without .local name. Correct?
[/quote]
I think it's could be the reason :)
[quote]
Verificrt:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid.
Versie 8.6.0_GA_1191.NETWORK 16 dec 2015

[/quote]
Are you generate CSR in same server (Zimbra) or from other server? if from other server, please copy commercial.key and placed in /opt/zimbra/ssl/zimbra/commercial/ folder
**

Best Regards,
Ahmad Imanudin - Sharing is Beautiful !
Personal Blog [EN] :http://www.imanudin.net
Martinwiertz
Advanced member
Advanced member
Posts: 85
Joined: Sat Sep 13, 2014 3:55 am
Location: The Netherlands
ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04

Unmatching certificate

Post by Martinwiertz »

Ahmad,



Thanks for your reply... so change servername is key. Hmm, hoped this wouldn't be necessary due to impact. Everything has to be ok or Zimbra won't run anymore. I have a daily backup. :-)



I am administering at the machine. File location is ok. Commercial.key is not a file which is provided by certificate CA. only CRT-files.
Martinwiertz
Advanced member
Advanced member
Posts: 85
Joined: Sat Sep 13, 2014 3:55 am
Location: The Netherlands
ZCS/ZD Version: V10 FOSS Intalio on Ubuntu20.04

Unmatching certificate

Post by Martinwiertz »

Hello,



It's solved!!



Solution was comparison of the original commercial.key with the new commercial certificate. The stdin code must be equal. With some much appreciated help from www.sslcertificaten.nl it worked.



https://wiki.zimbra.com/wiki/Administra ... cate_Tools



/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt



/opt/zimbra/bin/zmcertmgr viewdeployedcrt



Thanks!
Post Reply