Difference between revisions of "5.x Commercial Certificates Guide"

(General Overview: Removing section)
 
(21 intermediate revisions by 11 users not shown)
Line 1: Line 1:
=General Overview=
+
{{Archive}}{{Article Infobox|{{admin}}||{{ZCS 5.0}}|}}'''''Important:''' See [[Administration Console and CLI Certificate Tools]] before installing a third party certificate using an article listed below. Third party certificate articles are community contributions and may include unsupported steps.'' 
Installing a commercial certificate in ZCS version 5.0.0_GA and above is a straightforward process.  The following is an overview of the steps you will take to install a commercial certificate.
 
#Generate a CSR via the '''Administration Console>Certificates''' or via the '''zmcertmgr''' command line utility.
 
#Receive the signed certificate.
 
#Receive the chain_certificates (if applicable).
 
#Install the certificate.
 
  
=TOOLS=
+
==Administration and CLI Tools==
==Admininstration Console>Certificates==
+
Zimbra offers both Administration Console and Command Line Interface (CLI) tools for installing, viewing, and managing certificates. For more information about these tools, see [[Administration Console and CLI Certificate Tools]].
This is the preferred method for installing commercial certificates. You simply start the Wizard and upload all the cert files and restart the Zimbra Services.
 
  
At the moment (8/26/08), according to Zimbra support, the web interface only supports having "one csr/private key at a time. Generating a new csr overrides the existing one and generates a new private key. If you want to generate more than one csr:
+
==Preexisting Certificates==
- you simply generate the first one which is downloaded to
+
If you'd like to install a certificate whose CSR was made elsewhere (for instance, if you have a wildcard certificate for your domain), see here: [[Preexisting Certifcate Installation for Zimbra 6.0]]
  /opt/zimbra/ssl/zimbra/commercial directory (commercial.csr and commercial.key)
 
- move both files aside
 
- generate the second csr which would download to the same location above"
 
  
==/opt/zimbra/bin/zmcertmgr==
+
==Third Party Certificate Articles==
If the Administration Console>Certificates Wizard is not doing the job, we then resort to the command line.
+
The following third party certificates have their own Wiki articles with installation instructions.
  
'''''Note:''' This tool must be run as root.'' 
+
===StartSSL===
 +
See [[Installing a StartSSL SSL Certificate with zmcertmgr]].
  
It requires the following:
+
===Comodo SSL===
 +
See [[Installing a Comodo SSL Certificate with zmcertmgr]].
  
*The private key must exist in '''/opt/zimbra/ssl/zimbra/commercial''' directory and must be named '''commercial.key''' with permission set to '''740'''.
+
===DigiCert===
*The server certificate and the chain cert files must exist in a temp directory. E.g. '''/root/certs'''
+
See [[Installing DigiCert commercial certificates]].
*The server cert must be named '''commercial.crt'''.
 
*The chain cert files must be concatenated into one file called commercial_ca.crt.
 
*Verify that the cert and the key match using this command:
 
/opt/zimbra/bin/zmcertmgr verifycrt comm /path/to/privatekey /path/to/commercial.crt /path/to/commercial_ca.crt
 
*From the temp directory, deploy the cert and restart the zimbra services.
 
(a) sudo zmcertmgr deploycrt comm /path/to/commercial.crt /path/to/commercial_ca.crt
 
(b) zmcontrol stop ; zmcontrol start
 
  
 +
===Gandi===
 +
See [[Installing a Gandi Commercial Certificate on ZCS 5.0.x and 6.0.x]]
  
 +
===GeoTrust Certificate===
 +
See [[Installing_a_GeoTrust_Commercial_Certificate]]
  
 +
===GlobalSign Certificate===
 +
See [[Installing a GlobalSign Commercial Certificate]]
  
 +
===GoDaddy Certificate===
 +
See [[Installing a GoDaddy Commercial Certificate on ZCS 5.0.x]].
  
=Troubleshooting=
+
===IPSCA Certificate===
For troubleshooting certificate issues, see [[:Category:Troubleshooting Certificates]].
+
See [[Installing_a_IPSCA_Commercial_Certificate]]
 +
 
 +
===Network Solutions Certificate===
 +
See [[Installing a Network Solutions Certificate on ZCS 5.0.x]].
 +
 
 +
===RapidSSL Certificate===
 +
See [[Installing_a_RapidSSL_Commercial_Certificate]]
 +
 
 +
===Thawte SSL Certificate (SSL123 format)===
 +
See [[Installing a Thawte SSL Certificate on ZCS 5.0.x]].
 +
 
 +
===Verisign===
 +
See [[Installing a Verisign Test Certificate on Zimbra Server]].
 +
 
 +
See [[Installing a Verisign Secure Site Certificate]].
 +
 
 +
==Troubleshooting==
 +
If you are experiencing issues installing, viewing, or managing your certificates, see the [[:Category:Troubleshooting Certificates]] category.
  
 
=Misc=
 
=Misc=
Line 65: Line 76:
  
 
[[Category: Certificates]]
 
[[Category: Certificates]]
 +
[[Category: ZCS 5.0]]
 +
[[Category: SSL/TLS]]

Latest revision as of 17:10, 25 March 2015

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 5.0 Article ZCS 5.0

Important: See Administration Console and CLI Certificate Tools before installing a third party certificate using an article listed below. Third party certificate articles are community contributions and may include unsupported steps.

Administration and CLI Tools

Zimbra offers both Administration Console and Command Line Interface (CLI) tools for installing, viewing, and managing certificates. For more information about these tools, see Administration Console and CLI Certificate Tools.

Preexisting Certificates

If you'd like to install a certificate whose CSR was made elsewhere (for instance, if you have a wildcard certificate for your domain), see here: Preexisting Certifcate Installation for Zimbra 6.0

Third Party Certificate Articles

The following third party certificates have their own Wiki articles with installation instructions.

StartSSL

See Installing a StartSSL SSL Certificate with zmcertmgr.

Comodo SSL

See Installing a Comodo SSL Certificate with zmcertmgr.

DigiCert

See Installing DigiCert commercial certificates.

Gandi

See Installing a Gandi Commercial Certificate on ZCS 5.0.x and 6.0.x

GeoTrust Certificate

See Installing_a_GeoTrust_Commercial_Certificate

GlobalSign Certificate

See Installing a GlobalSign Commercial Certificate

GoDaddy Certificate

See Installing a GoDaddy Commercial Certificate on ZCS 5.0.x.

IPSCA Certificate

See Installing_a_IPSCA_Commercial_Certificate

Network Solutions Certificate

See Installing a Network Solutions Certificate on ZCS 5.0.x.

RapidSSL Certificate

See Installing_a_RapidSSL_Commercial_Certificate

Thawte SSL Certificate (SSL123 format)

See Installing a Thawte SSL Certificate on ZCS 5.0.x.

Verisign

See Installing a Verisign Test Certificate on Zimbra Server.

See Installing a Verisign Secure Site Certificate.

Troubleshooting

If you are experiencing issues installing, viewing, or managing your certificates, see the Category:Troubleshooting Certificates category.

Misc

  • Inspect your CSR
openssl req -in <server.csr> -noout -text
  • Inspect your certificate
openssl x509 -in <server.crt> -noout -text
  • Clear the passphrase of the private key
openssl rsa -in <server.key> -out <server.key.decr>
  • Get Jetty keystore password
zmlocalconfig -s -m nokey mailboxd_keystore_password
  • Create a CSR via the CLI
sudo /opt/zimbra/bin/zmcertmgr createcsr <self|comm> [-new] [subject] [-subjectAltNames "host1,host2"]
  • View deployed certificate via the command line
 sudo /opt/zimbra/bin/zmcertmgr viewdeployedcrt
  • Convert the cert format from DER to PEM
openssl x509 -in input.cer -inform DER -out output.cer -outform PEM
Verified Against: Zimbra Collaboration Suite 5.x Date Created: 1/16/2008
Article ID: https://wiki.zimbra.com/index.php?title=5.x_Commercial_Certificates_Guide Date Modified: 2015-03-25



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search