I have an issue with deployment of SSL certificate. Anyone same problem? When I use GUI deployment, its says some error about RemoteManager port 22
so I followed Single-Node Commercial Certificate recommended steps from https://wiki.zimbra.com/wiki/Administra ... cate_Tools
I have three files, GeoTrust Global CA (ROOT CA) .pem which renamed into .crt; IntermediateCA.crt and ServerCert.crt
RootCA and Intermediate is merged into one Chain file.
Console output:
Verification is OK
Code: Select all
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
** Verifying '/tmp/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/tmp/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/tmp/commercial.crt' against '/tmp/ca_chain.crt'
Valid certificate chain: /tmp/commercial.crt: OK
Issue:
Code: Select all
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
** Fixing newlines in '/tmp/commercial.crt'
Can't rename /tmp/commercial.crt to /tmp/commercial.crt.bak: Operation not permitted, skipping file at /opt/zimbra/bin/zmcertmgr line 1225.
** Verifying '/tmp/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/tmp/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/tmp/commercial.crt' against '/tmp/ca_chain.crt'
Valid certificate chain: /tmp/commercial.crt: OK
** Copying '/tmp/commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying '/tmp/ca_chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain '/tmp/ca_chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.domain.tld...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.domain.tld...ok
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
unable to load certificates
140604730992320:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:809:
I also check empty lines or merged headings, and It is OK
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
Thank you very much for any help,
Dave