Administration Console and CLI Certificate Tools

Revision as of 23:04, 10 September 2008 by Cfremon (talk | contribs) (Creating article -- article unfinished, and tagged with Work in Progress.)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.


ZCS allows administrators to manage their certificates using either the Administration Console or the Command Line Interface (CLI). This article discusses the ZCS 5.0.x Administration Console, and the CLI tools for ZCS 5.0.x and 4.5.x.

ZCS Administration Console Certificates Tools

The ZCS Certificates tools are located in the Navigation pane, under Tools>Certificates. Once you have selected Certificates from this menu, the Manage Certificates tab opens in the Content pane. From here, you can view your deployed certificates or install a new certificate.

img

Viewing Certificates

Using the Administration Console, you can view the details of certificates currently deployed. Details include the certificate subject, issuer, validation days, and subject alternative name.

To view a certificate, select a service host name, either under Certificates in the Navigation pane or by selecting a Service host name in the Manage Certificates tab and clicking View Certificate. A Certificates tab for the service host name you selected opens in the Content Pane.

You can refresh the currently displayed details by clicking Refresh at the top of the tab.

Installing Certificates

Clicking Install Certificate from either the Manage Certificates tab or a Certificates tab opens the Certificate Installation Wizard. The Certificate Installation Wizard is a tool that will help you quickly create and deploy a certificate.


ZCS Certificate CLI

The ZCS Certificate CLI commands differ between 5.0.x and 4.5.x. The following sections discuss the CLI tools for each version.

ZCS 5.0.x

zmcertmgr

This command allows you to manage certificates.

Syntax

zmcertmgr [options]

Description

Name Description
General Options
-help Displays usage options for zmcertmgr
Self-Signed Certificate Options
createca [-new] Generates a Certificate Authority (CA). The -new option forces the generation of a new CA.
deployca Deploys a CA.
createcsr <self|comm> [-new] [-subject subject] [-subjectAltNames "host1,host2"] Creates a certificate signing request (CSR) for either a self or commercially signed certificate authority. The -new option forces the generation of a new CSR. The -subject option allows you to specify the path in which the certificate is valid. The -subjectAltNames option allows you to specify additional hosts that may use the certificate other than the one listed in the subject. The default subject is "C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}".
createcrt [-new] [-days validation days] [-subject subject] [-subjectAltNames "host1,host2"] Creates a self-signed certificate based on the CSR generated using createcsr. The -new option forces the generation of a new certificate. The -days option assigns a number of days for which the certificate is valid. The -subject option allows you to specify the path in which the certificate is valid. The -subjectAltNames allows you to specify additional hosts that may use the certificate other than the one listed in the subject. The default subject is "C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}".
deploycrt <self> Deploys a self-signed certificate.
Self-Signed and Commercial Certificate Options
deploycrt <comm> [certfile] [ca_chain_file]
savecrt
viewcsr <self|comm> [csr_file]
viewdeployedcrt [all|ldap|mta|proxy|mailboxd]
viewstagedcrt <self|comm> [certfile]
verifycrt <self|comm> [priv_key] [certfile]
verifycrtchain <ca_file> <certfile>

Examples

ZCS 4.5.x

In ZCS 4.5.x, the task of creating a Certificate Authority, creating a self-signed certificate, and then installing the certificate is handled by three CLI commands. When you are installing a certificate, remember to stop Tomcat before running zmcertinstall, and to restart Tomcat once the certificate has been installed.

zmcreateca

This command creates a Certificate Authority (CA).

Syntax

zmcreateca

zmcreatecert

This command creates a new self-signed certificate.

Syntax

zmcreatecert

zmcertinstall

This command installs a certificate.

Note: Stop Tomcat before you install the certificate. Once the certificate is installed, restart Tomcat.

Syntax

zmcertinstall


Verified Against: ZCS 4.5.x & 5.0.x Date Created: 9/10/2008
Article ID: https://wiki.zimbra.com/index.php?title=Administration_Console_and_CLI_Certificate_Tools Date Modified: 2008-09-10



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search