Zimbra Unable to validate certificate chain

On installing SSL on Zimbra mail server, i get following error

This was due to SSL cert chain. The ca-bundle file they provided did not work with Zimbra. This is due to some issue with the order in witch CA Certificate files are placed. Here is zimba documentaion related to this issue

https://wiki.zimbra.com/wiki/Fix_depth_lookup:unable_to_get_issuer_certificate

I checked with SSL provider, they initially provided a combined SSL certificate, that have cert file + ca certificate. I tried to install it, but it did not work.

After showing SSL support the screenshot of the SSL install page, they provided me with 3 differnt files.

zimbra

In the zimbra SSL install, you have option to add more intermediate CA by clicking “Add Intermediate CA” link.

The provided files are

I tried to install it using UI, but it failed with some error related to RemoteManager and port 22.

To install on Command line, first you need to becom user zimbra

I copied all files provided by SSL provider to the server. Change to SSL folder

Edited the file

Pasted the SSL certificate content to this file. commercial.key file have the private key, this get auto generated during the CSR generation process.

Now i tried mixing those 3 files (CA certs) to create commerical_ca.crt, but it failed to work

After few try, mixing ca certificate in following order got it work.

Now installed SSL with

Now rebooted the server, after reboot SSL worked.

Add a Comment

Your email address will not be published. Required fields are marked *