- This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.

If you are upgrading from 4.5x to 5.0.x and the cert failed to upgrade successfully, you need to re-install the cert.

Prerequisites

You will need these pieces:

The private key. This can be extracted from the Tomcat keystore. Zimbra Support can help with this process if you send the Tomcat keystore.
The server certificate
The chain cert files

Installation

With these pieces in hand, we can use the zmcertmgr to install the certificate.

1. Verify that the cert and the key match using this command:

/opt/zimbra/bin/zmcertmgr verifycrt comm /path/to/privatekey /path/to/commercial.crt /path/to/commercial_ca.crt

2. From the temp directory, deploy the cert and restart the zimbra services.

(a) sudo zmcertmgr deploycrt comm /path/to/commercial.crt /path/to/commercial_ca.crt
(b) zmcontrol stop ; zmcontrol start

3. Check to make sure that only the jetty alias exists in the keystore.

keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass  `zmlocalconfig -s -m nokey mailboxd_keystore_password`

4. Delete the tomcat alias, if exists, with the following command.

keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`

Verified Against: ZCS 5.0.x & 4.5.x	Date Created: 9/17/2008
Article ID: https://wiki.zimbra.com/index.php?title=4.5.x_to_5.0.x_Certificate_Upgrade_Issues	Date Modified: 2015-03-24

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Other help Resources

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »