error 2 at 1 depth lookup:unable to get issuer certificate

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
phoenix
Ambassador
Ambassador
Posts: 26329
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: error 2 at 1 depth lookup:unable to get issuer certificate

Postby phoenix » Mon Sep 03, 2018 3:11 pm

fosiul@gmail.com wrote:Thanks, let me speak with them, see if they provide me root certificate

I will come back soon.


Spoke with Vendor, they said, They dont provide Root certificate and thats only valid for Web server .

So i guess i will have to buy new SSL certificate .

..[/quote]Have you looked at using a Letsencrypt certificate for your ZCS server? JDunphy has written a great write-up in the wiki and there's also a sticky thread in this forum on that topic.


Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
fosiul@gmail.com
Posts: 16
Joined: Sun Sep 02, 2018 5:03 pm

Re: error 2 at 1 depth lookup:unable to get issuer certificate

Postby fosiul@gmail.com » Mon Sep 03, 2018 3:20 pm

Hi
I have one question.

if i buy a new SSL certificate from comodo which is for mail.ourdomain.com

will it cover all ssl functionality for Zimbra service ? or do i need to buy a Wildcard certificate ?

Please advise

Thanks
fosiul@gmail.com
Posts: 16
Joined: Sun Sep 02, 2018 5:03 pm

Re: error 2 at 1 depth lookup:unable to get issuer certificate

Postby fosiul@gmail.com » Mon Sep 03, 2018 3:22 pm

Have you looked at using a Letsencrypt certificate for your ZCS server? JDunphy has written a great write-up in the wiki and there's also a sticky thread in this forum on that topic.


Hi, you meant "https://letsencrypt.org/"

I did not!! let me have a look aswell!!

Thanks for the advise
gvargas99
Posts: 3
Joined: Sat Dec 08, 2018 7:58 pm

Re: error 2 at 1 depth lookup:unable to get issuer certificate

Postby gvargas99 » Sat Dec 08, 2018 8:05 pm

[Solved]
I had the same issue with the 1and1 certificate, I have working now. these are the steps:
1. You need to convert the .cer certificate into a .crt certificate. You need to do this for both files (certificate and intermediate)
penssl x509 -inform PEM -in certificate.cer -out certificate.crt
penssl x509 -inform PEM -in intercertificate.cer -out intercertificate.crt
2. Create the bundle cert by merging both
cat certificate.crt intercertificate.crt >>bundle_cert.crt

3. This is the key part - You need to move the key and the bundle to the nginx directory and rename them. (This is how I got it working)
copy both files to /opt/zimbra/conf
make a backup of nginx.crt and nginx.key
rename yourkey.key to nginx.key . and bundle_cert.crt to nginx.crt

4. Restart the proxy
zmproxyctl restart


Done.

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 5 guests