Difference between revisions of "Commercial-SSL-CRT"

(One intermediate revision by one other user not shown)
Line 1: Line 1:
== Generating CSR for Commercial SSL certificates and deployment ==
#REDIRECT [[Administration_Console_and_CLI_Certificate_Tools]]
'''Example steps for generating CSR:'''
'''Run as root user (normal key size - 1024)'''
/opt/zimbra/bin/zmcertmgr createcsr comm -new  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
Replace the below values as per your requirement.
OU=Organization Unit
CN=Comman Name
'''You can generate the CSR with 2048 key size using below example steps.'''
'''Run as root user (key size - 2048)'''
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
'''If you want to generate CSR for single mail server, use below example.'''
'''Run as root user (you can generate CSR with key size as per your requirement)'''
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
'''Replace "host.domain.com" as per your requirement, its the public host name used to access emails in web browser.'''
'''For Wildcard Certificate:'''
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com"
'''For normal certificate with subjectAltNames'''
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com" -subjectAltNames  "host1.domain.com,host2.domain.com,host3.domain.com"
'''CSR file will be generated in below path'''
cd /opt/zimbra/ssl/zimbra/commercial/
ls -ltr -> will show you the latest CSR generated in sorted order.
'''Copy the content of /opt/zimbra/ssl/zimbra/commercial/commercial.csr and paste it to vendor's portal, get the commercial certificates, then you can follow the below steps to deploy commercial certificates.'''
'''We recommend to deploy commercial certificates in command line.'''
'''1. Create a directory and place all the commercial certificate files there.
mkdir /root/certs (place all commercial cert files in this directory).
'''2. Concatenate the root certificate and the intermediate certificate into one file. You can named it commercial_ca.crt
'''Note: add a blank line to each file BEFORE you cat them together.'''
cat PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt >> commercial_ca.crt
'''3. Verify the certificate
cd /root/certs ; /opt/zimbra/bin/zmcertmgr verifycrt comm  /opt/zimbra/ssl/zimbra/commercial/commercial.key ./<server_name.crt ./commercial_ca.crt
'''4. Deploy the certificate
cd /root/certs ; /opt/zimbra/bin/zmcertmgr deploycrt comm ./<server_name.crt ./commercial_ca.crt
'''5. restart the zimbra services
su - zimbra
zmcontrol restart

Latest revision as of 21:16, 15 July 2015

Jump to: navigation, search