Installing a RapidSSL Commercial Certificate: Difference between revisions
No edit summary |
m (→Resolution) |
||
Line 10: | Line 10: | ||
==Resolution== | ==Resolution== | ||
When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some | When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some RapidSSL intermediate CA certificate (usually called IntermediateCA.cer), in case that you miss some of them, here are the links: | ||
* GeoTrust Root Certificates - [https://www.geotrust.com/resources/root-certificates/ https://www.geotrust.com/resources/root-certificates/] | * GeoTrust Root Certificates - [https://www.geotrust.com/resources/root-certificates/ https://www.geotrust.com/resources/root-certificates/] | ||
You need to download this two files , in this order: | |||
* RapidSSL Intermediate CA Certificates - [https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id= | * '''RapidSSL Intermediate CA Certificates''' - [https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO28836 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO28836] | ||
* '''Root 2''' - GeoTrust Global CA (.pem format) - [https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem] | |||
===Preparing the commercial_ca.crt=== | ===Preparing the commercial_ca.crt=== | ||
Certificates were assembled as follows: | Certificates were assembled as follows: | ||
Line 29: | Line 31: | ||
Then you need to restart the services | Then you need to restart the services | ||
zmcontrol restart | zmcontrol restart | ||
===Common error=== | |||
If you see the next error ''error 20 at 0 depth lookup:unable to get local issuer certificate'' like here: | |||
** Verifying 'ssl_certificate.cer' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' | |||
Certificate 'ssl_certificate.cer' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. | |||
** Verifying 'ssl_certificate.cer' against 'commercial_ca2.crt' | |||
ERROR: Unable to validate certificate chain: ssl_certificate.cer: CN = your.domain.com | |||
error 20 at 0 depth lookup:unable to get local issuer certificate | |||
It means you don't have the proper IntermediateCA and Root file, please refer to the first section of this Wiki, or [https://www.geotrust.com/support/ '''contact GeoTrust'''] in order to them to provide the proper and updated IntermediateCA to you, usually they send a '''IntermediateCA.cer''' file. | |||
==Additional Content== | ==Additional Content== |
Revision as of 17:21, 14 October 2016
Installing a RapidSSL Commercial Certificate
Purpose
Step by Step Wiki/KB article to install a RapidSSL Commercial Certificate
Resolution
When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some RapidSSL intermediate CA certificate (usually called IntermediateCA.cer), in case that you miss some of them, here are the links:
- GeoTrust Root Certificates - https://www.geotrust.com/resources/root-certificates/
You need to download this two files , in this order:
- RapidSSL Intermediate CA Certificates - https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO28836
- Root 2 - GeoTrust Global CA (.pem format) - https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem
Preparing the commercial_ca.crt
Certificates were assembled as follows:
cat [RapidSSL intermediate CA] [GeoTrust Global CA] > commercial_ca.crt
You will be able to successfully verify the certificate using the following:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key mail-cert ./commercial_ca.crt
Where 'mail-cert' is the certificate that was issued to the server based on the CSR, and "commercial_ca.crt" is the bundle assembled from the RapidSSL intermediate CA certificate and the link above.
Deploy the new SSL RapidSSL certificate
Then deploy the certificate as follows:
/opt/zimbra/bin/zmcertmgr deploycrt comm mail-cert ./commercial_ca.crt
Then you need to restart the services
zmcontrol restart
Common error
If you see the next error error 20 at 0 depth lookup:unable to get local issuer certificate like here:
** Verifying 'ssl_certificate.cer' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate 'ssl_certificate.cer' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. ** Verifying 'ssl_certificate.cer' against 'commercial_ca2.crt' ERROR: Unable to validate certificate chain: ssl_certificate.cer: CN = your.domain.com error 20 at 0 depth lookup:unable to get local issuer certificate
It means you don't have the proper IntermediateCA and Root file, please refer to the first section of this Wiki, or contact GeoTrust in order to them to provide the proper and updated IntermediateCA to you, usually they send a IntermediateCA.cer file.
Additional Content
- No related content