Installing a Verisign Test Certificate

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 5.0 Article ZCS 5.0

Instructions on how to install a 15 day free trial Verisign Certificate on Zimbra Server:

  1. Go to http://www.verisign.com/ and select "Free SSL Trial".
  2. Fill out the form on the Free SSL Trial Certificate Page and click Continue
  3. Open a new browser window and create CSR through Zimbra Admin Console. Login to the Admin Console, click Certificates -> Install Certificate Button -> Select Target Server -> Select Generate the CSR for the commercial certificate authorizer -> create the CSR and download and save the CSR file
  4. Go back to verisign Free Trial SSL page and continue, fill out the required technical contact.
  5. When you are asked by Verisign abou the CSR, open your saved CSR file and copy paste the content to Verisign page
  6. Once you successfully submit your CSR, a trial Certificate will be created by Verisign and emailed to you.
  7. Once you receive the certificate, save it, say verisign_free_trial.crt
  8. Get the verisign Root CA for the certificate you just got and save it as root.ca. To get the root CA, go to http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html.
  9. Get the verisign Intermediate CA for the certificate you just got and save it as intermediate.ca. To get the intermediate CA, go to http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
  10. Go back to Admin Console and launch the Install Certificate wizard, pick the "Install the commercially signed certificate". When you are prompted to upload the certificate, select verisign_free_trial.crt as Certificate, root.ca as Root CA, and intermediate.ca as Intermediate CA.
  11. Click Next and then Install. Your Commercial Certificate will be installed successfully.
  12. Restart the zimbra server.


Troubleshooting

If Zimbra doesn't come up after the restart, chances are that you have error messages like the following in your logs:


Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertP athBuilderException: unable to find valid certification path to requested target



The culprit is the missing CA for the VeriSign Trial Secure Server Test Root CA. You can import the CA with the following command:

# /opt/zimbra/java/bin/keytool -import -alias <ALIAS> -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass <PASSWORD> -file /opt/zimbra/conf/ca/commercial_ca.pem

Verified Against: unknown Date Created: 1/30/2008
Article ID: https://wiki.zimbra.com/index.php?title=Installing_a_Verisign_Test_Certificate Date Modified: 2015-03-24



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search