CSR always the same using GUI? CLI regen works OK
Posted: Wed Jun 12, 2019 1:58 pm
Hi,
Our server (8.6.0_GA_1242) certificate is due for renewal - our issuer (Gandi) gives a warning about needing a new CSR. I've used the Zimbra Admin Certificates GUI wizard and ticked the option for "Replace the current CSR" and have even gone so far as to manually back up then delete the commercial.key file to ensure a new key file is being created (it is).
However, using this approach the content of the CSR is always identical to the previous CSR. I went through the steps 6 times, tried changing the Digest size from SHA256 up to SHA512, but the CSR result was always the same.
The only way I've been able to force a new CSR is to use the CLI version of regeneration, following the example under the Wiki https://wiki.zimbra.com/wiki/Administra ... ertificate and adjusting the subject / domain to our values. I then copied the new CSR to the mounted remote backup so that I could pick up the file on my desktop PC...
This makes me wonder if the Admin GUI's regen method has a bug and is not passing the "-new" parameter to the command? (I don't know if that's the cause, but this seems to fit what I've seen on our system).
Has anyone else experienced this issue with the GUI tool?
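Added example, not part of the original post and not Zimbra's own code: a way to check with `openssl` whether a CSR actually carries the public key of the current private key, which distinguishes a regenerated CSR from a stale one. The function names, the `old`/`new` file names and the subject are assumptions made for the demo; all files are throwaway and created in a temp directory.

```shell
#!/usr/bin/env bash
# Added example: does a CSR carry the public key of the current private key?
# All files are throwaway demo files; the subject is constructed.

# SHA-256 fingerprint of the public key embedded in a CSR.
csr_pubkey_fp() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the public key derived from a private key.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Print "fresh" if the CSR was built from the given key, otherwise "stale".
classify_csr() {
    if [ "$(csr_pubkey_fp "$1")" = "$(key_pubkey_fp "$2")" ]; then
        echo fresh
    else
        echo stale
    fi
}

# Hypothetical helper: create a key pair and CSR named $1 under $WORK.
make_pair() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/C=US/O=Example Org/CN=mail.example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

WORK=$(mktemp -d)
make_pair old   # stands in for the CSR from the previous request
make_pair new   # stands in for the regenerated key and CSR

echo "new.csr vs new.key: $(classify_csr "$WORK/new.csr" "$WORK/new.key")"
echo "old.csr vs new.key: $(classify_csr "$WORK/old.csr" "$WORK/new.key")"
```

On a real server the two arguments would be the CSR handed to the issuer and the private key that will be deployed with the certificate; "stale" means the CSR was not built from that key.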