Installing a Network Solutions Certificate on ZCS 5.0.x

From Zimbra :: Wiki

Jump to: navigation, search
Admin Article

Article Information

This article applies to the following ZCS versions.
  ZCS 5.0 Article  ZCS 5.0

Use the following steps to import and install a Network Solutions commercial certificate on a ZCS 5.0.x server.

Note: These instructions assume that you have the private key in /opt/zimbra/ssl/zimbra/commercial named as commercial.key with the correct permissions.

1. Rename the <server_name.crt> file to commercial.crt and place it in the /opt/zimbra/ssl/zimbra/commercial

2. chmod 700 commercial.crt

3. Concatenate the chain files into one file and call it commercial_ca.crt

cat AddTrustExternalCARoot.crt NetworkSolutions_CA.crt UTNAddTrustServer_CA.crt >> commercial_ca.crt

4. cp commercial_ca.crt /opt/zimbra/ssl/zimbra/commercial

chmod 700 commercial_ca.crt

5. Run a check against the cert files.

/opt/zimbra/bin/zmcertmgr verifycrt comm

6. At this point and if the output looks promising, go ahead and deploy the cert.

/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
if you get error messages like these:
Error loading file ./commercial_ca.crt
6675:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:749:
6675:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:280:
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...

The solution is to add a newline to the end of the "AddTrustExternalCARoot.crt" and "NetworkSolutions_CA.crt" files _only_.

7. Restart the Zimbra services.

su - zimbra
zmcontrol stop
zmcontrol start

8. Verify that the Web interface is loading correctly with the new certificate.


Verified Against: ZCS 5.0.x Date Created: 9/17/2008
Article ID: http://wiki.zimbra.com/index.php?title=Installing_a_Network_Solutions_Certificate_on_ZCS_5.0.x Date Modified: 04/15/2010
Personal tools