Administrators • Commercial SSL Certificate installation issue

Hi

Can any one suggest what is issue and how fix it:

zimbra@mail:/opt$ zmcontrol -v
Release 8.8.15.GA.4179.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 8.8.15_P45.


zimbra@mail:/opt$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/mail.helios.aero.crt /opt/mail.helios.aero.ca-bundle
** Verifying '/opt/mail.helios.aero.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/opt/mail.helios.aero.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/opt/mail.helios.aero.crt' against '/opt/mail.helios.aero.ca-bundle'
Valid certificate chain: /opt/mail.helios.aero.crt: OK



zimbra@mail:/opt$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/mail.helios.aero.crt /opt/mail.helios.aero.ca-bundle
** Fixing newlines in '/opt/mail.helios.aero.crt'
Can't do inplace edit on /opt/mail.helios.aero.crt: Cannot make temp name: Permission denied at /opt/zimbra/bin/zmcertmgr line 1239.
** Fixing newlines in '/opt/mail.helios.aero.ca-bundle'
Can't do inplace edit on /opt/mail.helios.aero.ca-bundle: Cannot make temp name: Permission denied at /opt/zimbra/bin/zmcertmgr line 1239.
** Verifying '/opt/mail.helios.aero.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/opt/mail.helios.aero.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/opt/mail.helios.aero.crt' against '/opt/mail.helios.aero.ca-bundle'
Valid certificate chain: /opt/mail.helios.aero.crt: OK
** Copying '/opt/mail.helios.aero.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying '/opt/mail.helios.aero.ca-bundle' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain '/opt/mail.helios.aero.ca-bundle' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.helios.aero...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.helios.aero...ok
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
No cert in -in file '/opt/zimbra/conf/imapd.crt' matches private key
80F20CA9A27F0000:error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:405:
80F20CA9A27F0000:error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:405:



Please let me know how to fix this issue, SSL obtained from SSLs.com . Currently installed SSL is letsencrypt. I want to replace it with one purchased from ssls.com





No cert in -in file '/opt/zimbra/conf/imapd.crt' matches private key

Statistics: Posted by zohaib09 — Thu Jan 02, 2025 1:42 pm

---