|
|
| Line 1: |
Line 1: |
| =TOOLS=
| |
| ==Admininstration Console>Certificates==
| |
| This is the preferred method for installing commercial certificates. You simply start the Wizard and upload all the cert files and restart the Zimbra Services.
| |
|
| |
| At the moment (8/26/08), according to Zimbra support, the web interface only supports having "one csr/private key at a time. Generating a new csr overrides the existing one and generates a new private key. If you want to generate more than one csr:
| |
| - you simply generate the first one which is downloaded to
| |
| /opt/zimbra/ssl/zimbra/commercial directory (commercial.csr and commercial.key)
| |
| - move both files aside
| |
| - generate the second csr which would download to the same location above"
| |
|
| |
| ==/opt/zimbra/bin/zmcertmgr==
| |
| If the Administration Console>Certificates Wizard is not doing the job, we then resort to the command line.
| |
|
| |
| '''''Note:''' This tool must be run as root.''
| |
|
| |
| It requires the following:
| |
|
| |
| *The private key must exist in '''/opt/zimbra/ssl/zimbra/commercial''' directory and must be named '''commercial.key''' with permission set to '''740'''.
| |
| *The server certificate and the chain cert files must exist in a temp directory. E.g. '''/root/certs'''
| |
| *The server cert must be named '''commercial.crt'''.
| |
| *The chain cert files must be concatenated into one file called commercial_ca.crt.
| |
| *Verify that the cert and the key match using this command:
| |
| /opt/zimbra/bin/zmcertmgr verifycrt comm /path/to/privatekey /path/to/commercial.crt /path/to/commercial_ca.crt
| |
| *From the temp directory, deploy the cert and restart the zimbra services.
| |
| (a) sudo zmcertmgr deploycrt comm /path/to/commercial.crt /path/to/commercial_ca.crt
| |
| (b) zmcontrol stop ; zmcontrol start
| |
|
| |
|
| |
|
| |
|
| |
|
| |
| =Troubleshooting=
| |
| For troubleshooting certificate issues, see [[:Category:Troubleshooting Certificates]].
| |
|
| |
| =Misc= | | =Misc= |
| *Inspect your CSR | | *Inspect your CSR |
Revision as of 22:40, 22 September 2008
Misc
openssl req -in <server.csr> -noout -text
openssl x509 -in <server.crt> -noout -text
- Clear the passphrase of the private key
openssl rsa -in <server.key> -out <server.key.decr>
- Get Jetty keystore password
zmlocalconfig -s -m nokey mailboxd_keystore_password
sudo /opt/zimbra/bin/zmcertmgr createcsr <self|comm> [-new] [subject] [-subjectAltNames "host1,host2"]
- View deployed certificate via the command line
sudo /opt/zimbra/bin/zmcertmgr viewdeployedcrt
- Convert the cert format from DER to PEM
openssl x509 -in input.cer -inform DER -out output.cer -outform PEM
Try Zimbra
Try Zimbra Collaboration with a 60-day free trial.
Get it now »
Want to get involved?
You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »
Looking for a Video?
Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »
