[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSL Install Issue
This is the same cert provider I've always used with no issues before. They also don't require an intermediate cert, and the root CA is on the servers already. I've tried installing a new root CA and I get the error that it is already there, so I don't think that is the issue.
Thanks,
David Emmerich
Network Specialist II - ITS Systems Administration
Eastern Illinois University
----- Original Message -----
From: "David N. Blank-Edelman" <dnb@ccs.neu.edu>
To: "David Emmerich" <dpemmerich@eiu.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Saturday, January 10, 2009 5:01:23 PM GMT -06:00 US/Canada Central
Subject: Re: SSL Install Issue
Hi David-
On Jan 10, 2009, at 3:04 PM, David Emmerich wrote:
> I've never had this issue with an Entrust cert before, and I have
> never had to import an intermediate cert or a root cert into the
> keystore along with it, so I'm not sure what the deal is. Has
> anyone else had this happen? Anyone have any suggestions?
We recently switched to a cert provider with an intermediate cert.
There's a page on just this question in the wiki and I would also
recommend doing a search for "cert". I think the thread that helped us
the most was:
http://www.zimbra.com/forums/administrators/15914-solved-commercial-cert-thawte.html
Here's our notes from the install:
- concatenate the CA's cert and their intermediate cert into a new
file commercial_ca.crt
- install the private key and the keysigning request used to get the
new Zimbra key as commercial.key and commercial.csr into /opt/zimbra/
ssl/zimbra/commercial
- run /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/certs/
commercial.crt /tmp/certs/commercial_ca.crt to deploy the new cert.
That was all done as root. Then as user zimbra, we stopped and
restarted Zimbra (/opt/zimbra/bin/zmcontrol stop; /opt/zimbra/bin/
zmcontrol start) and it started using the new certs.
-- dNb