Difference between revisions of "5.x Commercial Certificates Guide"

(Adding category & article footer)
Line 20: Line 20:
  
 
[4.5x to 5.x failed cert]
 
[4.5x to 5.x failed cert]
 
+
  
 
Check whether the tomcat alias still exist in the keystore, you can check with this command
 
Check whether the tomcat alias still exist in the keystore, you can check with this command
Line 32: Line 32:
 
<pre>
 
<pre>
 
keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
 
keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
</pre>
+
</pre>  
 
   
 
   
 
If there are any errors from the above command, please send it to us (support@zimbra.com).
 
If there are any errors from the above command, please send it to us (support@zimbra.com).
 +
 +
[importing commercial certificates from other mail systems to zimbra 5.x]
 +
<pre>
 +
If we have all the necessary pieces, you should be able to bring your commercial cert to zimbra.
 +
(1) who is the CA?
 +
(2) do you have the private key ?
 +
(3) is the private key encrypted or password protected?
 +
(4) how many cert files do you have ( intermediate and root ca)
 +
(5) Is the zimbra hostname the same as the one on the cert?
 +
</pre>
 +
<pre>
 +
If you can answer the above questions, then all you need to do is
 +
(a) place your private key in /opt/zimbra/ssl/zimbra/commercial and name it commercial.key
 +
(b) make sure commercial.key permission is set to 700 and is owned by root:root
 +
(c) upload the certificate files via the admin console>certificates.
 +
(d) make sure to upload all the certificate files that you received from you CA (rootca,intermediate,...)
 +
</pre>
 +
  
 
{{Article Footer|Zimbra Collaboration Suite 5.x|1/16/2008}}
 
{{Article Footer|Zimbra Collaboration Suite 5.x|1/16/2008}}
  
 
[[Category: Certificates]]
 
[[Category: Certificates]]

Revision as of 02:19, 5 February 2008

[5.0.1_GA and later]

  Obtain your commerial cert from your provider.  You will also need the root CA and any intermediaries that the provider uses in PEM format.
  Concatenate the root and intermediaries files into a single file for use with zmcertmgr
 
 (a) sudo zmcertmgr deploycrt comm <cert file> <ca_chain file>
 (b) zmcontrol stop ; zmcontrol start


[5.0.0_GA]

 (a) Copy the certificate file(s) to /opt/zimbra/ssl/zimbra/commercial/ while naming it commercial.crt
     If you have more than one cert files, please concatenate them into one file
 (b) Copy the private key to /opt/zimbra/ssl/zimbra/commercial/ while naming it commercial.key
 (c) Copy /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.crt
     current.crt should be owned by zimbra:zimbra
 (d) Run this command /opt/zimbra/bin/zmcertmgr install comm

[4.5x to 5.x failed cert]


Check whether the tomcat alias still exist in the keystore, you can check with this command

keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass  `zmlocalconfig -s -m nokey mailboxd_keystore_password`

If the above command returns two aliases (tomcat and jetty), please delete the tomcat alias with this command

keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`

If there are any errors from the above command, please send it to us (support@zimbra.com).

[importing commercial certificates from other mail systems to zimbra 5.x]

If we have all the necessary pieces, you should be able to bring your commercial cert to zimbra.
 (1) who is the CA?
 (2) do you have the private key ?
 (3) is the private key encrypted or password protected?
 (4) how many cert files do you have ( intermediate and root ca)
 (5) Is the zimbra hostname the same as the one on the cert?
If you can answer the above questions, then all you need to do is
 (a) place your private key in /opt/zimbra/ssl/zimbra/commercial and name it commercial.key
 (b) make sure commercial.key permission is set to 700 and is owned by root:root
 (c) upload the certificate files via the admin console>certificates.
 (d) make sure to upload all the certificate files that you received from you CA (rootca,intermediate,...)


Verified Against: Zimbra Collaboration Suite 5.x Date Created: 1/16/2008
Article ID: https://wiki.zimbra.com/index.php?title=5.x_Commercial_Certificates_Guide Date Modified: 2008-02-05



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search