Difference between revisions of "Commercial-SSL-CRT"

m (Protected "Commercial-SSL-CRT": Excessive spamming (‎[edit=sysop] (indefinite) ‎[move=sysop] (indefinite)) [cascading])
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Generating CSR for Commercial SSL certificates and deployment ==
+
#REDIRECT [[Administration_Console_and_CLI_Certificate_Tools]]
 
 
'''Example steps for generating CSR:'''
 
 
 
'''Run as root user (normal key size - 1024)'''
 
 
 
/opt/zimbra/bin/zmcertmgr createcsr comm -new  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
 
Replace the below values as per your requirement.
 
C=Country
 
ST=State
 
L=Location
 
O=Organization
 
OU=Organization Unit
 
CN=Comman Name
 
 
 
'''You can generate the CSR with 2048 key size using below example steps.'''
 
 
 
'''Run as root user (key size - 2048)'''
 
 
 
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
 
 
 
'''If you want to generate CSR for single mail server, use below example.'''
 
 
 
'''Run as root user (you can generate CSR with key size as per your requirement)'''
 
 
 
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
 
 
 
'''Replace "host.domain.com" as per your requirement, its the public host name used to access emails in web browser.'''
 
 
 
'''For Wildcard Certificate:'''
 
 
 
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com"
 
 
 
'''For normal certificate with subjectAltNames'''
 
 
 
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com" -subjectAltNames  "host1.domain.com,host2.domain.com,host3.domain.com"
 
 
 
'''CSR file will be generated in below path'''
 
/opt/zimbra/ssl/zimbra/commercial/commercial.csr
 
cd /opt/zimbra/ssl/zimbra/commercial/
 
ls -ltr -> will show you the latest CSR generated in sorted order.
 
 
 
'''Copy the content of /opt/zimbra/ssl/zimbra/commercial/commercial.csr and paste it to vendor's portal, get the commercial certificates, then you can follow the below steps to deploy commercial certificates.'''
 
 
 
'''We recommend to deploy commercial certificates in command line.'''
 
 
 
'''1. Create a directory and place all the commercial certificate files there.
 
example:'''
 
mkdir /root/certs (place all commercial cert files in this directory).
 
 
 
'''2. Concatenate the root certificate and the intermediate certificate into one file. You can named it commercial_ca.crt'''
 
 
 
'''Note: add a blank line to each file BEFORE you cat them together.'''
 
 
 
'''example:'''
 
cat PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt >> commercial_ca.crt
 
 
 
'''3. Verify the certificate
 
example:'''
 
cd /root/certs ; /opt/zimbra/bin/zmcertmgr verifycrt comm  /opt/zimbra/ssl/zimbra/commercial/commercial.key ./<server_name.crt ./commercial_ca.crt
 
 
 
'''4. Deploy the certificate
 
example:'''
 
cd /root/certs ; /opt/zimbra/bin/zmcertmgr deploycrt comm ./<server_name.crt ./commercial_ca.crt
 
 
 
'''5. restart the zimbra services
 
example:'''
 
su - zimbra
 
zmcontrol restart
 

Latest revision as of 21:16, 15 July 2015

Jump to: navigation, search