4.x Commercial Certificates Guide

Revision as of 16:08, 28 March 2006 by Rrankin

Commercial SSL Cert Install Procedure

Jetty

Download the Jetty package, as it contains a useful class that can convert PKCS12 format certificates to JKS format certificates.

Delete Existing Certs

keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

Add the CA certificate

keytool -import -trustcacerts -keystore /path/to/keystore -file /path/to/cacert.cer

Commercial SSL Certificates for Tomcat / Java

If you receive your certificates in the more or less standard PEM format, you need to do the following:

Convert your certificate and key files to a combined PKCS12 format certificate:

openssl pkcs12 -inkey /path/to/file.key -in /path/to/file.crt -export -out file.pkcs12

Convert the PKCS12 certificate to a Java Keystore format (JKS):

java -classpath $JETTY_HOME/lib/org.mortbay.jetty.jar org.mortbay.util.PKCS12Import file.pkcs12 keystore

Note: make sure to set the keystore password to whatever Zimbra expects (usually "zimbra").

Clone the new keystore certificate stored under the alias "1" to the alias "tomcat":

keytool -keystore keystore -keyclone -alias 1 -dest tomcat

Delete the certificate stored under the "1" alias:

keytool -delete -alias 1 -keystore keystore

Commercial SSL Certificates for Postfix

If you receive your certificates in the more or less standard PEM format, you need to do the following:

Decrypt the certificate key:

openssl rsa -in file.key -out file.key.decrypted

Move the cert and decrypted key into place:

mv file.crt /opt/zimbra/conf/smtpd.crt
mv file.key.decrypted /opt/zimbra/conf/smtpd.key
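
A pre-flight check for the Postfix steps above, as an added example that is not part of the original guide or of Zimbra's tooling: it refuses a key that is still encrypted or that does not belong to the certificate, and restricts the decrypted key to mode 600 before it is moved into place. The function names and return codes are this example's own convention.

```shell
#!/bin/sh
# Added example: checks to run on file.crt and file.key.decrypted
# before the two "mv" commands. Requires the openssl command-line tool.

# True if the PEM key file is still passphrase-protected.
# Matches the traditional "Proc-Type: 4,ENCRYPTED" header and the
# PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY" header.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: .*ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# True if the certificate and the private key carry the same public key.
# "-passin pass:" keeps openssl from prompting on a terminal.
pair_matches() {
    pm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    pm_key=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$pm_cert" ] && [ "$pm_cert" = "$pm_key" ]
}

# preflight CERT KEY
#   0 = safe to move into place
#   1 = a file is missing or unreadable
#   2 = key is still encrypted (the decrypt step was skipped)
#   3 = key does not belong to the certificate
preflight() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    key_is_encrypted "$2" && return 2
    pair_matches "$1" "$2" || return 3
    # The decrypted key has no passphrase, so the file mode is its
    # only protection: owner read/write, nothing for group or others.
    chmod 600 "$2"
}

# Typical use, from the directory holding the files:
#   preflight file.crt file.key.decrypted && echo "ok to install"
```
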
