Difference between revisions of "Administration Console and CLI Certificate Tools"

(Creating article -- article unfinished, and tagged with Work in Progress.)
(Completed table for 5.0.x CLI options)
Line 33: Line 33:
 
====Description====
 
====Description====
 
{|style="width:100%" border="1" cellpadding="5" cellspacing="0"
 
{|style="width:100%" border="1" cellpadding="5" cellspacing="0"
!Name
+
! align="left" |Name
!Description
+
! align="left" |Description
 
|-
 
|-
!General Options
+
! colspan="2" align="left" |General Options
 
|-
 
|-
 
|<nowiki>-help</nowiki>
 
|<nowiki>-help</nowiki>
 
|Displays usage options for '''zmcertmgr'''
 
|Displays usage options for '''zmcertmgr'''
 
|-
 
|-
!Self-Signed Certificate Options
+
! colspan="2" align="left" |Self-Signed Certificate Options
 
|-
 
|-
 
|createca [-new]
 
|createca [-new]
Line 58: Line 58:
 
|Deploys a self-signed certificate.
 
|Deploys a self-signed certificate.
 
|-
 
|-
!Self-Signed and Commercial Certificate Options
+
! colspan="2" align="left" |Self-Signed and Commercial Certificate Options
 
|-
 
|-
 
|deploycrt <comm> [certfile] [ca_chain_file]
 
|deploycrt <comm> [certfile] [ca_chain_file]
|
+
|Deploys a commercial certificate.  Specify the certificate file and the certificate authority (CA) chain file.
 
|-
 
|-
 
|savecrt
 
|savecrt
|
+
|Saves a certificate
 
|-
 
|-
 
|viewcsr <nowiki><self|comm></nowiki> [csr_file]
 
|viewcsr <nowiki><self|comm></nowiki> [csr_file]
|
+
|Shows a certificate signing request (CSR). Specify '''self''' if the CSR is self-signed. Specify '''comm''' if the certificate is commercial. Specify the CSR file to view.
 
|-
 
|-
 
|viewdeployedcrt <nowiki>[all|ldap|mta|proxy|mailboxd]</nowiki>
 
|viewdeployedcrt <nowiki>[all|ldap|mta|proxy|mailboxd]</nowiki>
|
+
|Shows a deployed certificate. This option only works for the local server.
 
|-
 
|-
 
|viewstagedcrt <nowiki><self|comm></nowiki> [certfile]
 
|viewstagedcrt <nowiki><self|comm></nowiki> [certfile]
|
+
|Shows a staged certificate. A staged certificate is placed in a staging file, where all files that will be deployed with the certificate are kept. You can use the staging area to verify that you are ready to deploy a certificate.  Specify '''self''' if the certificate is self-signed. Specify '''comm''' if the certificate is commercial.  Specify the certificate file to view.
 
|-
 
|-
 
|verifycrt <nowiki><self|comm></nowiki> [priv_key] [certfile]
 
|verifycrt <nowiki><self|comm></nowiki> [priv_key] [certfile]
|
+
|Verifies a certificate. Specify '''self''' if the certificate is self-signed. Specify '''comm''' if the certificate is commercial. Specify the certificate key. Specify the certificate file.
 
|-
 
|-
 
|verifycrtchain <ca_file> <certfile>
 
|verifycrtchain <ca_file> <certfile>
|
+
|Verifies a certificate chain.  Specify '''self''' if the certificate is self-signed.  Specify '''comm''' if the certificate is commercial.  Specify the certificate key.  Specify the certificate file.
 
|}
 
|}
  

Revision as of 19:45, 12 September 2008


ZCS allows administrators to manage their certificates using either the Administration Console or the Command Line Interface (CLI). This article discusses the ZCS 5.0.x Administration Console, and the CLI tools for ZCS 5.0.x and 4.5.x.

ZCS Administration Console Certificates Tools

The ZCS Certificates tools are located in the Navigation pane, under Tools>Certificates. Once you have selected Certificates from this menu, the Manage Certificates tab opens in the Content pane. From here, you can view your deployed certificates or install a new certificate.

img

Viewing Certificates

Using the Administration Console, you can view the details of certificates currently deployed. Details include the certificate subject, issuer, validation days, and subject alternative name.

To view a certificate, select a service host name, either under Certificates in the Navigation pane or by selecting a Service host name in the Manage Certificates tab and clicking View Certificate. A Certificates tab for the service host name you selected opens in the Content Pane.

You can refresh the currently displayed details by clicking Refresh at the top of the tab.

Installing Certificates

Clicking Install Certificate from either the Manage Certificates tab or a Certificates tab opens the Certificate Installation Wizard. The Certificate Installation Wizard is a tool that will help you quickly create and deploy a certificate.


ZCS Certificate CLI

The ZCS Certificate CLI commands differ between 5.0.x and 4.5.x. The following sections discuss the CLI tools for each version.

ZCS 5.0.x

zmcertmgr

This command allows you to manage certificates.

Syntax

zmcertmgr [options]

Description

Name Description
General Options
-help Displays usage options for zmcertmgr
Self-Signed Certificate Options
createca [-new] Generates a Certificate Authority (CA). The -new option forces the generation of a new CA.
deployca Deploys a CA.
createcsr <self|comm> [-new] [-subject subject] [-subjectAltNames "host1,host2"] Creates a certificate signing request (CSR) for either a self or commercially signed certificate authority. The -new option forces the generation of a new CSR. The -subject option allows you to specify the path in which the certificate is valid. The -subjectAltNames option allows you to specify additional hosts that may use the certificate other than the one listed in the subject. The default subject is "C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}".
createcrt [-new] [-days validation days] [-subject subject] [-subjectAltNames "host1,host2"] Creates a self-signed certificate based on the CSR generated using createcsr. The -new option forces the generation of a new certificate. The -days option assigns a number of days for which the certificate is valid. The -subject option allows you to specify the path in which the certificate is valid. The -subjectAltNames allows you to specify additional hosts that may use the certificate other than the one listed in the subject. The default subject is "C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}".
deploycrt <self> Deploys a self-signed certificate.
Self-Signed and Commercial Certificate Options
deploycrt <comm> [certfile] [ca_chain_file] Deploys a commercial certificate. Specify the certificate file and the certificate authority (CA) chain file.
savecrt Saves a certificate
viewcsr <self|comm> [csr_file] Shows a certificate signing request (CSR). Specify self if the CSR is self-signed. Specify comm if the certificate is commercial. Specify the CSR file to view.
viewdeployedcrt [all|ldap|mta|proxy|mailboxd] Shows a deployed certificate. This option only works for the local server.
viewstagedcrt <self|comm> [certfile] Shows a staged certificate. A staged certificate is placed in a staging file, where all files that will be deployed with the certificate are kept. You can use the staging area to verify that you are ready to deploy a certificate. Specify self if the certificate is self-signed. Specify comm if the certificate is commercial. Specify the certificate file to view.
verifycrt <self|comm> [priv_key] [certfile] Verifies a certificate. Specify self if the certificate is self-signed. Specify comm if the certificate is commercial. Specify the certificate key. Specify the certificate file.
verifycrtchain <ca_file> <certfile> Verifies a certificate chain. Specify self if the certificate is self-signed. Specify comm if the certificate is commercial. Specify the certificate key. Specify the certificate file.

Examples

ZCS 4.5.x

In ZCS 4.5.x, the task of creating a Certificate Authority, creating a self-signed certificate, and then installing the certificate is handled by three CLI commands. When you are installing a certificate, remember to stop Tomcat before running zmcertinstall, and to restart Tomcat once the certificate has been installed.

zmcreateca

This command creates a Certificate Authority (CA).

Syntax

zmcreateca

zmcreatecert

This command creates a new self-signed certificate.

Syntax

zmcreatecert

zmcertinstall

This command installs a certificate.

Note: Stop Tomcat before you install the certificate. Once the certificate is installed, restart Tomcat.

Syntax

zmcertinstall


Verified Against: ZCS 4.5.x & 5.0.x Date Created: 9/10/2008
Article ID: https://wiki.zimbra.com/index.php?title=Administration_Console_and_CLI_Certificate_Tools Date Modified: 2008-09-12



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search