Administration Console and CLI Certificate Tools: Difference between revisions

m (Zmcertinstall moved to Administration Console and CLI Certificate Tools: Creating more robust and detailed article about Cert installation and management tools.)
(Creating article -- article unfinished, and tagged with Work in Progress.)
Line 1: Line 1:
General Form:
{{WIP}}


zmcertinstall type server.crt server.key
ZCS allows administrators to manage their certificates using either the Administration Console or the Command Line Interface (CLI). This article discusses the ZCS 5.0.x Administration Console, and the CLI tools for ZCS 5.0.x and 4.5.x.


Type is either mailbox or mta.
=ZCS Administration Console Certificates Tools=
The ZCS Certificates tools are located in the Navigation pane, under '''Tools>Certificates'''. Once you have selected '''Certificates''' from this menu, the Manage Certificates tab opens in the Content pane. From here, you can view your deployed certificates or install a new certificate.
 
[[img]]
 
==Viewing Certificates==
Using the Administration Console, you can view the details of certificates currently deployed.  Details include the certificate subject, issuer, validation days, and subject alternative name.
 
To view a certificate, select a service host name, either under '''Certificates''' in the Navigation pane or by selecting a Service host name in the Manage Certificates tab and clicking '''View Certificate'''.  A Certificates tab for the service host name you selected opens in the Content Pane.
 
You can refresh the currently displayed details by clicking '''Refresh''' at the top of the tab.
 
==Installing Certificates==
Clicking '''Install Certificate''' from either the Manage Certificates tab or a Certificates tab opens the Certificate Installation Wizard.  The Certificate Installation Wizard is a tool that will help you quickly create and deploy a certificate.
 
 
=ZCS Certificate CLI=
The ZCS Certificate CLI commands differ between 5.0.x and 4.5.x. The following sections discuss the CLI tools for each version.
 
==ZCS 5.0.x==
 
 
===zmcertmgr===
This command allows you to manage certificates.
 
====Syntax====
zmcertmgr [options]
 
====Description====
{|style="width:100%" border="1" cellpadding="5" cellspacing="0"
!Name
!Description
|-
!General Options
|-
|<nowiki>-help</nowiki>
|Displays usage options for '''zmcertmgr'''
|-
!Self-Signed Certificate Options
|-
|createca [-new]
|Generates a Certificate Authority (CA). The '''-new''' option forces the generation of a new CA.
|-
|deployca
|Deploys a CA.
|-
|createcsr <nowiki><self|comm> [-new] [-subject subject] [-subjectAltNames "host1,host2"]</nowiki>
|Creates a certificate signing request (CSR) for either a self or commercially signed certificate authority.  The '''<nowiki>-new</nowiki>''' option forces the generation of a new CSR. The '''<nowiki>-subject</nowiki>''' option allows you to specify the path in which the certificate is valid. The '''<nowiki>-subjectAltNames</nowiki>''' option allows you to specify additional hosts that may use the certificate other than the one listed in the subject.  The default subject is "C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}".
|-
|createcrt [-new] [-days validation days] [-subject subject] [-subjectAltNames "host1,host2"]
|Creates a self-signed certificate based on the CSR generated using '''createcsr'''. The '''-new''' option forces the generation of a new certificate.  The '''-days''' option assigns a number of days for which the certificate is valid.  The '''-subject''' option allows you to specify the path in which the certificate is valid.  The '''-subjectAltNames''' allows you to specify additional hosts that may use the certificate other than the one listed  in the subject.  The default subject is "C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}".
|-
|deploycrt <self>
|Deploys a self-signed certificate.
|-
!Self-Signed and Commercial Certificate Options
|-
|deploycrt <comm> [certfile] [ca_chain_file]
|
|-
|savecrt
|
|-
|viewcsr <nowiki><self|comm></nowiki> [csr_file]
|
|-
|viewdeployedcrt <nowiki>[all|ldap|mta|proxy|mailboxd]</nowiki>
|
|-
|viewstagedcrt <nowiki><self|comm></nowiki> [certfile]
|
|-
|verifycrt <nowiki><self|comm></nowiki> [priv_key] [certfile]
|
|-
|verifycrtchain <ca_file> <certfile>
|
|}
 
====Examples====
 
==ZCS 4.5.x==
In ZCS 4.5.x, the task of creating a Certificate Authority, creating a self-signed certificate, and then installing the certificate is handled by three CLI commands. When you are installing a certificate, remember to stop Tomcat before running '''zmcertinstall''', and to restart Tomcat once the certificate has been installed.
 
===zmcreateca===
This command creates a Certificate Authority (CA).
 
====Syntax====
zmcreateca
 
===zmcreatecert===
This command creates a new self-signed certificate.
 
====Syntax====
zmcreatecert
 
===zmcertinstall===
This command installs a certificate.
 
'''''Note''': Stop Tomcat before you install the certificate. Once the certificate is installed, restart Tomcat.''
 
====Syntax====
zmcertinstall
 
 
{{Article Footer|ZCS 4.5.x & 5.0.x|9/10/2008}}


[[Category:Command Line Interface]]
[[Category:Command Line Interface]]

Revision as of 23:04, 10 September 2008


ZCS allows administrators to manage their certificates using either the Administration Console or the Command Line Interface (CLI). This article discusses the ZCS 5.0.x Administration Console, and the CLI tools for ZCS 5.0.x and 4.5.x.

ZCS Administration Console Certificates Tools

The ZCS Certificates tools are located in the Navigation pane, under Tools>Certificates. Once you have selected Certificates from this menu, the Manage Certificates tab opens in the Content pane. From here, you can view your deployed certificates or install a new certificate.

img

Viewing Certificates

Using the Administration Console, you can view the details of certificates currently deployed. Details include the certificate subject, issuer, validation days, and subject alternative name.

To view a certificate, select a service host name, either under Certificates in the Navigation pane or by selecting a Service host name in the Manage Certificates tab and clicking View Certificate. A Certificates tab for the service host name you selected opens in the Content Pane.

You can refresh the currently displayed details by clicking Refresh at the top of the tab.

Installing Certificates

Clicking Install Certificate from either the Manage Certificates tab or a Certificates tab opens the Certificate Installation Wizard. The Certificate Installation Wizard is a tool that will help you quickly create and deploy a certificate.


ZCS Certificate CLI

The ZCS Certificate CLI commands differ between 5.0.x and 4.5.x. The following sections discuss the CLI tools for each version.

ZCS 5.0.x

zmcertmgr

This command allows you to manage certificates.

Syntax

zmcertmgr [options]

Description

Name Description
General Options
-help Displays usage options for zmcertmgr
Self-Signed Certificate Options
createca [-new] Generates a Certificate Authority (CA). The -new option forces the generation of a new CA.
deployca Deploys a CA.
createcsr <self|comm> [-new] [-subject subject] [-subjectAltNames "host1,host2"] Creates a certificate signing request (CSR) for either a self or commercially signed certificate authority. The -new option forces the generation of a new CSR. The -subject option allows you to specify the path in which the certificate is valid. The -subjectAltNames option allows you to specify additional hosts that may use the certificate other than the one listed in the subject. The default subject is "C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}".
createcrt [-new] [-days validation days] [-subject subject] [-subjectAltNames "host1,host2"] Creates a self-signed certificate based on the CSR generated using createcsr. The -new option forces the generation of a new certificate. The -days option assigns a number of days for which the certificate is valid. The -subject option allows you to specify the path in which the certificate is valid. The -subjectAltNames allows you to specify additional hosts that may use the certificate other than the one listed in the subject. The default subject is "C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}".
deploycrt <self> Deploys a self-signed certificate.
Self-Signed and Commercial Certificate Options
deploycrt <comm> [certfile] [ca_chain_file]
savecrt
viewcsr <self|comm> [csr_file]
viewdeployedcrt [all|ldap|mta|proxy|mailboxd]
viewstagedcrt <self|comm> [certfile]
verifycrt <self|comm> [priv_key] [certfile]
verifycrtchain <ca_file> <certfile>

Examples

ZCS 4.5.x

In ZCS 4.5.x, the task of creating a Certificate Authority, creating a self-signed certificate, and then installing the certificate is handled by three CLI commands. When you are installing a certificate, remember to stop Tomcat before running zmcertinstall, and to restart Tomcat once the certificate has been installed.

zmcreateca

This command creates a Certificate Authority (CA).

Syntax

zmcreateca

zmcreatecert

This command creates a new self-signed certificate.

Syntax

zmcreatecert

zmcertinstall

This command installs a certificate.

Note: Stop Tomcat before you install the certificate. Once the certificate is installed, restart Tomcat.

Syntax

zmcertinstall


Verified Against: ZCS 4.5.x & 5.0.x Date Created: 9/10/2008
Article ID: https://wiki.zimbra.com/index.php?title=Administration_Console_and_CLI_Certificate_Tools Date Modified: 2008-09-10



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search