Re: SSL Install Issue

[David Emmerich <dpemmerich@driftwood.eiu.edu>]

Thanks for the tip Robert.  This is 4.5.11 so I'm using command line to do this. 

I'll check the files to be sure.  Our security guy here has run openssl checks against the csr and the cert reply and he says they look fine.  Also, just to be sure I didn't fubar the original I sent in a new request.  I am having the same issue with the new one too.  Unfortunately, I need to have this resolved quickly because this is the first step to get us off of our Mac servers and onto Red Hat.  Then we can move to 5.0.x.

Thanks for the help.

David Emmerich
Network Specialist II - ITS Systems Administration
Eastern Illinois University

----- Original Message -----
From: "Robert M. Thompson" <ab5602@wayne.edu>
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Wednesday, January 14, 2009 8:05:47 PM GMT -06:00 US/Canada Central
Subject: Re: SSL Install Issue


Hi David,

Don't know if this is related, but I've had problems before wrt/ Zimbra and white-space issues in the .txt files generated by the Zimbra Admin UI.  Just something else to check..

-Rob

--
Rob Thompson, Systems Analyst
Enterprise Applications
Computing & Information Technology
Wayne State University
313-577-5645

Public Key: http://pgp.wayne.edu/rob.key

----- Original Message -----
From: "David Emmerich" <dpemmerich@driftwood.eiu.edu>
To: "David N. Blank-Edelman" <dnb@ccs.neu.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>, "David Emmerich" <dpemmerich@eiu.edu>
Sent: Tuesday, January 13, 2009 3:42:45 PM GMT -05:00 US/Canada Eastern
Subject: Re: SSL Install Issue

This is the same cert provider I've always used with no issues before.  They also don't require an intermediate cert, and the root CA is on the servers already.  I've tried installing a new root CA and I get the error that it is already there, so I don't think that is the issue.  

Thanks,

David Emmerich
Network Specialist II - ITS Systems Administration
Eastern Illinois University

----- Original Message -----
From: "David N. Blank-Edelman" <dnb@ccs.neu.edu>
To: "David Emmerich" <dpemmerich@eiu.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Saturday, January 10, 2009 5:01:23 PM GMT -06:00 US/Canada Central
Subject: Re: SSL Install Issue

Hi David-

On Jan 10, 2009, at 3:04 PM, David Emmerich wrote:

> I've never had this issue with an Entrust cert before, and I have  
> never had to import an intermediate cert or a root cert into the  
> keystore along with it, so I'm not sure what the deal is.  Has  
> anyone else had this happen? Anyone have any suggestions?

We recently switched to a cert provider with an intermediate cert.  
There's a page on just this question in the wiki and I would also  
recommend doing a search for "cert". I think the thread that helped us  
the most was:

http://www.zimbra.com/forums/administrators/15914-solved-commercial-cert-thawte.html

Here's our notes from the install:

- concatenate the CA's cert and their intermediate cert into a new  
file commercial_ca.crt
- install the private key and the keysigning request used to get the  
new Zimbra key as commercial.key and commercial.csr into /opt/zimbra/ 
ssl/zimbra/commercial
- run /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/certs/ 
commercial.crt /tmp/certs/commercial_ca.crt to deploy the new cert.  
That was all done as root. Then as user zimbra, we stopped and  
restarted Zimbra (/opt/zimbra/bin/zmcontrol stop; /opt/zimbra/bin/ 
zmcontrol start) and it started using the new certs.

     -- dNb