Installing a RapidSSL Commercial Certificate: Difference between revisions

No edit summary
Line 10: Line 10:


==Resolution==
==Resolution==
When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some Root Certificate and RapidSSL intermediate CA certificate, in case that you miss some of them, here are the links:
When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some RapidSSL intermediate CA certificate (usually called IntermediateCA.cer), in case that you miss some of them, here are the links:
* GeoTrust Root Certificates - [https://www.geotrust.com/resources/root-certificates/ https://www.geotrust.com/resources/root-certificates/]
* GeoTrust Root Certificates - [https://www.geotrust.com/resources/root-certificates/ https://www.geotrust.com/resources/root-certificates/]
* Root 2 - GeoTrust Global CA (.pem format) - [https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem]
You need to download this two files , in this order:
* RapidSSL Intermediate CA Certificates - [https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26459 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26459]
* '''RapidSSL Intermediate CA Certificates''' - [https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO28836 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO28836]
* '''Root 2''' - GeoTrust Global CA (.pem format) - [https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem]
 
===Preparing the commercial_ca.crt===
===Preparing the commercial_ca.crt===
Certificates were assembled as follows:  
Certificates were assembled as follows:  
Line 29: Line 31:
Then you need to restart the services  
Then you need to restart the services  
  zmcontrol restart
  zmcontrol restart
===Common error===
If you see the next error ''error 20 at 0 depth lookup:unable to get local issuer certificate'' like here:
** Verifying 'ssl_certificate.cer' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'ssl_certificate.cer' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'ssl_certificate.cer' against 'commercial_ca2.crt'
ERROR: Unable to validate certificate chain: ssl_certificate.cer: CN = your.domain.com
error 20 at 0 depth lookup:unable to get local issuer certificate
It means you don't have the proper IntermediateCA and Root file, please refer to the first section of this Wiki, or [https://www.geotrust.com/support/ '''contact GeoTrust'''] in order to them to provide the proper and updated IntermediateCA to you, usually they send a '''IntermediateCA.cer''' file.


==Additional Content==
==Additional Content==

Revision as of 17:21, 14 October 2016

Installing a RapidSSL Commercial Certificate

   KB 3105        Last updated on 2016-10-14  




0.00
(0 votes)


Purpose

Step by Step Wiki/KB article to install a RapidSSL Commercial Certificate

Resolution

When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some RapidSSL intermediate CA certificate (usually called IntermediateCA.cer), in case that you miss some of them, here are the links:

You need to download this two files , in this order:

Preparing the commercial_ca.crt

Certificates were assembled as follows:

cat [RapidSSL intermediate CA] [GeoTrust Global CA] > commercial_ca.crt 

You will be able to successfully verify the certificate using the following:

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key mail-cert ./commercial_ca.crt

Where 'mail-cert' is the certificate that was issued to the server based on the CSR, and "commercial_ca.crt" is the bundle assembled from the RapidSSL intermediate CA certificate and the link above.

Deploy the new SSL RapidSSL certificate

Then deploy the certificate as follows:

/opt/zimbra/bin/zmcertmgr deploycrt comm  mail-cert ./commercial_ca.crt

Then you need to restart the services

zmcontrol restart

Common error

If you see the next error error 20 at 0 depth lookup:unable to get local issuer certificate like here:

** Verifying 'ssl_certificate.cer' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'ssl_certificate.cer' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'ssl_certificate.cer' against 'commercial_ca2.crt'
ERROR: Unable to validate certificate chain: ssl_certificate.cer: CN = your.domain.com
error 20 at 0 depth lookup:unable to get local issuer certificate

It means you don't have the proper IntermediateCA and Root file, please refer to the first section of this Wiki, or contact GeoTrust in order to them to provide the proper and updated IntermediateCA to you, usually they send a IntermediateCA.cer file.

Additional Content

  • No related content
Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0 Date Created: 11/19/2009
Article ID: https://wiki.zimbra.com/index.php?title=Installing_a_RapidSSL_Commercial_Certificate Date Modified: 2016-10-14



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by Jorge SME2 Copyeditor Last edit by Jorge de la Cruz
Jump to: navigation, search