Installing a RapidSSL Commercial Certificate

Installing a RapidSSL Commercial Certificate

   KB 3105        Last updated on 2018-01-18  




0.00
(0 votes)

Purpose

Step by Step Wiki/KB article to install a RapidSSL Commercial Certificate

Resolution

When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some RapidSSL intermediate CA certificate (usually called IntermediateCA.cer), in case that you miss some of them, here are the links:

We strongly recommend to use the Intermediate Root Certificates provided from your vendor, and add just the Root 2 Geotrust Global CA at the end.

Example with RSA SHA-2 (under SHA-1 Root)

You need to download this two files , in this order:

Preparing the commercial_ca.crt

Certificates were assembled as follows:

cat [RapidSSL intermediate CA] [GeoTrust Global CA] > commercial_ca.crt 

Note All the next commands should be run as zimbra user starting ZCS 8.7 and above, and as a root user in ZCS 8.6 and below.

You will be able to successfully verify the certificate using the following:

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key mail-cert ./commercial_ca.crt

Where 'mail-cert' is the certificate that was issued to the server based on the CSR, and "commercial_ca.crt" is the bundle assembled from the RapidSSL intermediate CA certificate and the link above.

Deploy the new SSL RapidSSL certificate

Then deploy the certificate as follows:

/opt/zimbra/bin/zmcertmgr deploycrt comm  mail-cert ./commercial_ca.crt

Then you need to restart the services

zmcontrol restart

Common error

If you see the next error error 20 at 0 depth lookup:unable to get local issuer certificate like here:

** Verifying 'ssl_certificate.cer' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'ssl_certificate.cer' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'ssl_certificate.cer' against 'commercial_ca2.crt'
ERROR: Unable to validate certificate chain: ssl_certificate.cer: CN = your.domain.com
error 20 at 0 depth lookup:unable to get local issuer certificate

It means you don't have the proper IntermediateCA and Root file, please refer to the first section of this Wiki, or contact GeoTrust in order to them to provide the proper and updated IntermediateCA to you, usually they send a IntermediateCA.cer file.

Additional Content

  • No related content
Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0 Date Created: 11/19/2009
Article ID: https://wiki.zimbra.com/index.php?title=Installing_a_RapidSSL_Commercial_Certificate Date Modified: 2018-01-18



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by Jorge SME2 Copyeditor Last edit by Jorge de la Cruz
Jump to: navigation, search