Fix depth lookup:unable to get issuer certificate

Fix depth lookup:unable to get issuer certificate

   KB 21724        Last updated on 07/11/2015  




0.00
(0 votes)


Purpose

Solve a common problem, depth lookup:unable to get issuer certificate, with SSL certificates when trying to:

  • Install a new SSL certificate.
  • Install a wildcard SSL certificate from another server.
  • Install an SSL certificate from another server: moved or restored from a backup.
  • Renew an SSL certificate, when the intermediate CA was changed from the SSL provider.

Resolution

This error means the certificate path or chain is broken and you are missing certificate files. In most cases, the intermediate cert or root CA is affected. Right now, almost every SSL vendor has 2 or more CA Intermediates - sha1 and sha2 (256).

The best solution is to ask for the most updated root CA and intermediate certificates from the SSL provider. Then place all of them in a file, in order, and try again. Mix the root CA and the Intermediate (Comodo example):

cat ComodoRSAca_ROOT.crt ComodoRSAca_inter1.crt ComodoRSAOrgValidationca_inter2.crt > ca_bundle.crt

Copy the CA Bundle to the proper path:

sudo cp ca_bundle.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

Verify the SSL certificate against the private key:

sudo /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt

Deploy the SSL certificate>

sudo /opt/zimbra/bin/zmcertmgr deploycrt comm star.domain.com.crt ca_bundle.crt

Check the deployed SSL certificate>

sudo /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Additional Content

  • No additional content


Verified Against: Zimbra Collaboration 8.5, 8.6 Date Created: 02/20/2015
Article ID: https://wiki.zimbra.com/index.php?title=Fix_depth_lookup:unable_to_get_issuer_certificate Date Modified: 07/11/2015



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by Fred Phil Jenny Last edit by Jorge de la Cruz
Jump to: navigation, search