Installing a StartSSL SSL Certificate with zmcertmgr

From Zimbra :: Wiki

Jump to: navigation, search
   Icon-Archive.png  - This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.


   Article-alert.png  - This article is a Work in Progress, and may be unfinished or missing sections.


Admin Article

Article Information

This article applies to the following ZCS versions.
  ZCS 7.0 Article  ZCS 7.0
  ZCS 6.0 Article  ZCS 6.0

Installing a *Free* StartSSL SSL certificate with zmcertmgr

WARNING: There are numerous errors on this page. Please use the official wiki at http://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools#ZCS_Certificate_CLI

Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool.

1. Download the ca.pem [1] and sub.class1.server.ca.pem [2] to /tmp/

2. Cat the CA certs to form a single CA certificate chain file

 cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt

3. Place server certificate in /tmp/ssl.crt.

4. Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key

5. Deploy the commercial certificate with zmcertmgr as the root user.

 cd /opt/zimbra/bin
 ./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt

6.(As Root User)

/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt

7. Restart the zimbra services

 su zimbra
 zmcontrol stop
 zmcontrol start

See: CLI zmtlsctl to set Web Server Mode to enable or require web secure connections.

Verified Against: Zimbra Collaboration Suite 6.x Date Created: 7/21/2010
Article ID: http://wiki.zimbra.com/index.php?title=Installing_a_StartSSL_SSL_Certificate_with_zmcertmgr Date Modified: 04/1/2015
Personal tools