== Generating CSR for Commercial SSL certificates and deployment ==

#REDIRECT [[Administration_Console_and_CLI_Certificate_Tools]]

'''Example steps for generating CSR:'''

'''Run as root user (normal key size - 1024)'''

 /opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"

Replace the values below as per your requirement.

C=Country

ST=State

L=Location

O=Organization

OU=Organization Unit

CN=Common Name

'''You can generate the CSR with a 2048 key size using the example steps below.'''

'''Run as root user (key size - 2048)'''

 /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"

'''If you want to generate a CSR for a single mail server, use the example below.'''

'''Run as root user (you can generate the CSR with a key size as per your requirement)'''

 /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"

'''Replace "host.domain.com" as per your requirement; it is the public host name used to access email in a web browser.'''

'''For Wildcard Certificate:'''

 /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com"

'''For normal certificate with subjectAltNames'''

 /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com" -subjectAltNames "host1.domain.com,host2.domain.com,host3.domain.com"

'''The CSR file will be generated in the path below'''

 /opt/zimbra/ssl/zimbra/commercial/commercial.csr

 cd /opt/zimbra/ssl/zimbra/commercial/
 ls -ltr

ls -ltr lists the files sorted by modification time, so the most recently generated CSR is shown last.
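
Before the CSR is sent to the vendor, its key size, self-signature and pairing with the private key can be checked with openssl. The script below is an added example, not part of the original page or of Zimbra's tooling; the function names, the 2048-bit default minimum and the throwaway sample key it generates are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a CSR against its private key before submission.
# On a Zimbra host: commercial.csr and commercial.key in the directory above.

# Print the public key size in bits as recorded in the CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the CSR's self-signature verifies (the message is matched
# rather than relying on the exit status).
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeed only if the CSR carries the public half of the given private key.
csr_matches_key() {
    local from_csr from_key
    from_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# check_csr CSR KEY [MIN_BITS]: run all checks, report the first failure.
check_csr() {
    local csr="$1" key="$2" min="${3:-2048}" bits
    csr_signature_ok "$csr" || { echo "FAIL: bad CSR signature"; return 1; }
    bits=$(csr_key_bits "$csr")
    [ "${bits:-0}" -ge "$min" ] || { echo "FAIL: ${bits:-?}-bit key, need >= $min"; return 1; }
    csr_matches_key "$csr" "$key" || { echo "FAIL: CSR does not match key"; return 1; }
    echo "OK: ${bits}-bit key, $(openssl req -in "$csr" -noout -subject)"
}

# Constructed sample input: throwaway key and CSR, not a real server key.
make_sample() {   # make_sample DIR BITS
    openssl genrsa -out "$1/k$2.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/k$2.key" -out "$1/k$2.csr" \
        -subj "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com" 2>/dev/null
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_sample "$demo" 2048 && check_csr "$demo/k2048.csr" "$demo/k2048.key"
```

On the mail server, the same check is run as root by calling check_csr with /opt/zimbra/ssl/zimbra/commercial/commercial.csr and /opt/zimbra/ssl/zimbra/commercial/commercial.key.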

'''Copy the content of /opt/zimbra/ssl/zimbra/commercial/commercial.csr and paste it into the vendor's portal to obtain the commercial certificates. Then follow the steps below to deploy them.'''

'''We recommend deploying commercial certificates from the command line.'''

'''1. Create a directory and place all the commercial certificate files there. Example:'''

 mkdir /root/certs

Place all commercial certificate files in this directory.

'''2. Concatenate the root certificate and the intermediate certificate into one file. You can name it commercial_ca.crt. Example:'''

'''Note: add a blank line to each file BEFORE you cat them together.'''

 cat PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt >> commercial_ca.crt

'''3. Verify the certificate. Example:'''

 cd /root/certs ; /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./<server_name>.crt ./commercial_ca.crt

'''4. Deploy the certificate. Example:'''

 cd /root/certs ; /opt/zimbra/bin/zmcertmgr deploycrt comm ./<server_name>.crt ./commercial_ca.crt

'''5. Restart the Zimbra services. Example:'''

 su - zimbra
 zmcontrol restart