Zimbra 8 - Invalid Certificate error when installing a commercial wildcard certificate from RapidSSL
While trying to install a RapidSSL wildcard certificate on our Zimbra 8 server a while back, I ran into some issues while using Zimbra’s zmcertmgr command:
Error: Invalid Certificate: error 2 at 2 depth lookup:unable to get issuer certificate
The error indicated that I had an invalid certificate chain causing Zimbra to reject the installation. My chain consisted of the official RapidSSL CA Bundle, but alas, that bundle only contains certificates from the intermediate CA’s (Certificate Authority). At least I could confirm that the error was caused by missing the required root CA.
After hunting down the correct root certificate from Equifax the validation went through without further issues and the certificate installed correctly.
For the record, if you have trouble locating the root CA’s at rapidssl.com I would recommend doing a Google search for “RapidSSL Root Certificates”. That is way easier than trying to locate anything on their official website. The final CA chain would look like this:
RapidSSL CA => GeoTrust Global CA => Equifax Secure Certificate Authority