Difference between revisions of "5.x Commercial Certificates Guide"

(Formatting & copy editing)
Line 1: Line 1:
[5.0.1_GA and later]
+
=5.0.1_GA and later=
 +
Obtain your commercial certificate from your provider. 
  
  Obtain your commerial cert from your provider.  You will also need the root CA and any intermediaries that the provider uses in PEM format.
+
'''''Note:''' You will also need the root CA and any intermediaries that the provider uses in PEM format.''
  Concatenate the root and intermediaries files into a single file for use with zmcertmgr
+
 
 +
Concatenate the root and intermediary files into a single file for use with '''zmcertmgr'''.
 
    
 
    
 
   (a) sudo zmcertmgr deploycrt comm <cert file> <ca_chain file>
 
   (a) sudo zmcertmgr deploycrt comm <cert file> <ca_chain file>
 
   (b) zmcontrol stop ; zmcontrol start
 
   (b) zmcontrol stop ; zmcontrol start
  
 +
=5.0.0_GA=
  
[5.0.0_GA]
+
#Copy the certificate file(s) to '''/opt/zimbra/ssl/zimbra/commercial/''' while naming it '''commercial.crt'''. If you have more than one cert file, please concatenate them into one file.
 +
#Copy the private key to '''/opt/zimbra/ssl/zimbra/commercial/''' while naming it '''commercial.key'''.
 +
#Copy '''/opt/zimbra/ssl/zimbra/commercial/commercial.crt''' to '''/opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.crt'''. '''current.crt''' should be owned by zimbra:zimbra.
 +
#Run this command:
 +
/opt/zimbra/bin/zmcertmgr install comm
  
<pre>
+
=4.5x to 5.x failed cert=
(a) Copy the certificate file(s) to /opt/zimbra/ssl/zimbra/commercial/ while naming it commercial.crt
 
    If you have more than one cert files, please concatenate them into one file
 
(b) Copy the private key to /opt/zimbra/ssl/zimbra/commercial/ while naming it commercial.key
 
(c) Copy /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.crt
 
    current.crt should be owned by zimbra:zimbra
 
(d) Run this command /opt/zimbra/bin/zmcertmgr install comm
 
</pre>
 
  
[4.5x to 5.x failed cert]
+
Check whether the tomcat alias still exist in the keystore. You can check with this command:
 
  
Check whether the tomcat alias still exist in the keystore, you can check with this command
+
keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass  `zmlocalconfig -s -m nokey mailboxd_keystore_password`
  
<pre>
+
If the above command returns two aliases (tomcat and jetty), please delete the tomcat alias with this command:
keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass  `zmlocalconfig -s -m nokey mailboxd_keystore_password`
 
</pre>
 
  
If the above command returns two aliases (tomcat and jetty), please delete the tomcat alias with this command
+
keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
  
<pre>
+
If there are any errors from the above command, please send it to support@zimbra.com.
keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
 
</pre>
 
 
If there are any errors from the above command, please send it to us (support@zimbra.com).
 
  
[importing commercial certificates from other mail systems to zimbra 5.x]
+
=Importing commercial certificates from other mail systems to Zimbra 5.x=
 +
 
 +
If we have all the necessary pieces, you should be able to bring your commercial cert to Zimbra.
  
If we have all the necessary pieces, you should be able to bring your commercial cert to zimbra.
 
<pre>
 
 
You need the following:
 
You need the following:
(1) the private key in a decrypted format.
+
#The private key in a decrypted format
(2) all the cert files you received from the CA (intermediate and rootca).
+
#All the cert files you received from the CA (intermediate and rootca)
(3) make sure the zimbra hostname is the same as the one on the cert.
+
#Make sure the Zimbra hostname is the same as the one on the cert
</pre>
+
 
<pre>
+
Here are the steps:
Here are the steps:
+
#Place your private key in '''/opt/zimbra/ssl/zimbra/commercial''' and name it '''commercial.key'''
(1) place your private key in /opt/zimbra/ssl/zimbra/commercial and name it commercial.key
+
#Make sure commercial.key permission is set to 700 and is owned by root:root
(2) make sure commercial.key permission is set to 700 and is owned by root:root
+
#Upload the certificate files via the admin console>certificates.
(3) upload the certificate files via the admin console>certificates.
+
#Make sure to upload all the certificate files that you received from you CA (rootca,intermediate,...)
(4) make sure to upload all the certificate files that you received from you CA (rootca,intermediate,...)
+
 
</pre>
+
=GoDaddy Certificate in 5.x=
[GoDaddy Certificate in 5.x]
+
Assuming the following is correct:
<pre>
+
*This is a new certificate.
Assuming the following is correct;
+
*You generated the csr via the admin console
1- this is a new certificate.
+
*You sent the csr to get it signed and you received the following files:
2- you generated the csr via the admin console
+
**gd_cross_intermediate.crt,
3- you sent the csr to get it signed and you received the following files
+
**gd_intermediate.crt,
    gd_cross_intermediate.crt,
+
**<server_name>.crt.
    gd_intermediate.crt,
+
**gd_bundle.crt
    <server_name>.crt.
+
**(Root CA)
    gd_bundle.crt
+
*The '''/opt/zimbra/ssl/zimbra/commercial''' has two files:
    (Root CA)
+
**commercial.key
4- the /opt/zimbra/ssl/zimbra/commercial has two files
+
**commercial.crt
      commercial.key
+
 
      commercial.crt
+
You can install the certificate by logging in to the admin console and uploading these files:
</pre>
+
*gd_cross_intermediate.crt,
 +
*gd_intermediate.crt,
 +
*<server_name>.crt.
 +
*(Root CA)
  
<pre>
+
Once you have uploaded the above files, restart Zimbra services.
You can install the certificate by logging in to the admin console and uploading those files
 
    gd_cross_intermediate.crt,
 
    gd_intermediate.crt,
 
    <server_name>.crt.
 
    (Root CA)
 
and restart the zimbra services
 
   
 
That's all there is to it.  
 
</pre>
 
  
  

Revision as of 19:50, 11 February 2008

5.0.1_GA and later

Obtain your commercial certificate from your provider.

Note: You will also need the root CA and any intermediaries that the provider uses in PEM format.

Concatenate the root and intermediary files into a single file for use with zmcertmgr.

 (a) sudo zmcertmgr deploycrt comm <cert file> <ca_chain file>
 (b) zmcontrol stop ; zmcontrol start

5.0.0_GA

  1. Copy the certificate file(s) to /opt/zimbra/ssl/zimbra/commercial/ while naming it commercial.crt. If you have more than one cert file, please concatenate them into one file.
  2. Copy the private key to /opt/zimbra/ssl/zimbra/commercial/ while naming it commercial.key.
  3. Copy /opt/zimbra/ssl/zimbra/commercial/commercial.crt to /opt/zimbra/jetty/webapps/zimbraAdmin/tmp/current.crt. current.crt should be owned by zimbra:zimbra.
  4. Run this command:
/opt/zimbra/bin/zmcertmgr install comm

4.5x to 5.x failed cert

Check whether the tomcat alias still exist in the keystore. You can check with this command:

keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass  `zmlocalconfig -s -m nokey mailboxd_keystore_password`

If the above command returns two aliases (tomcat and jetty), please delete the tomcat alias with this command:

keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`

If there are any errors from the above command, please send it to support@zimbra.com.

Importing commercial certificates from other mail systems to Zimbra 5.x

If we have all the necessary pieces, you should be able to bring your commercial cert to Zimbra.

You need the following:

  1. The private key in a decrypted format
  2. All the cert files you received from the CA (intermediate and rootca)
  3. Make sure the Zimbra hostname is the same as the one on the cert

Here are the steps:

  1. Place your private key in /opt/zimbra/ssl/zimbra/commercial and name it commercial.key
  2. Make sure commercial.key permission is set to 700 and is owned by root:root
  3. Upload the certificate files via the admin console>certificates.
  4. Make sure to upload all the certificate files that you received from you CA (rootca,intermediate,...)

GoDaddy Certificate in 5.x

Assuming the following is correct:

  • This is a new certificate.
  • You generated the csr via the admin console
  • You sent the csr to get it signed and you received the following files:
    • gd_cross_intermediate.crt,
    • gd_intermediate.crt,
    • <server_name>.crt.
    • gd_bundle.crt
    • (Root CA)
  • The /opt/zimbra/ssl/zimbra/commercial has two files:
    • commercial.key
    • commercial.crt

You can install the certificate by logging in to the admin console and uploading these files:

  • gd_cross_intermediate.crt,
  • gd_intermediate.crt,
  • <server_name>.crt.
  • (Root CA)

Once you have uploaded the above files, restart Zimbra services.


Verified Against: Zimbra Collaboration Suite 5.x Date Created: 1/16/2008
Article ID: https://wiki.zimbra.com/index.php?title=5.x_Commercial_Certificates_Guide Date Modified: 2008-02-11



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search