(One intermediate revision by one other user not shown) |
Line 1: |
Line 1: |
− | == Generating CSR for Commercial SSL certificates and deployment ==
| + | #REDIRECT [[Administration_Console_and_CLI_Certificate_Tools]] |
− | | |
− | '''Example steps for generating CSR:'''
| |
− | | |
− | '''Run as root user (normal key size - 1024)'''
| |
− | | |
− | /opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
| |
− | Replace the below values as per your requirement.
| |
− | C=Country
| |
− | ST=State
| |
− | L=Location
| |
− | O=Organization
| |
− | OU=Organization Unit
| |
− | CN=Comman Name
| |
− | | |
− | '''You can generate the CSR with 2048 key size using below example steps.'''
| |
− | | |
− | '''Run as root user (key size - 2048)'''
| |
− | | |
− | /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
| |
− | | |
− | '''If you want to generate CSR for single mail server, use below example.'''
| |
− | | |
− | '''Run as root user (you can generate CSR with key size as per your requirement)'''
| |
− | | |
− | /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
| |
− | | |
− | '''Replace "host.domain.com" as per your requirement, its the public host name used to access emails in web browser.'''
| |
− | | |
− | '''For Wildcard Certificate:'''
| |
− | | |
− | /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com"
| |
− | | |
− | '''For normal certificate with subjectAltNames'''
| |
− | | |
− | /opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com" -subjectAltNames "host1.domain.com,host2.domain.com,host3.domain.com"
| |
− | | |
− | '''CSR file will be generated in below path'''
| |
− | /opt/zimbra/ssl/zimbra/commercial/commercial.csr
| |
− | cd /opt/zimbra/ssl/zimbra/commercial/
| |
− | ls -ltr -> will show you the latest CSR generated in sorted order.
| |
− | | |
− | '''Copy the content of /opt/zimbra/ssl/zimbra/commercial/commercial.csr and paste it to vendor's portal, get the commercial certificates, then you can follow the below steps to deploy commercial certificates.'''
| |
− | | |
− | '''We recommend to deploy commercial certificates in command line.'''
| |
− | | |
− | '''1. Create a directory and place all the commercial certificate files there.
| |
− | example:'''
| |
− | mkdir /root/certs (place all commercial cert files in this directory).
| |
− | | |
− | '''2. Concatenate the root certificate and the intermediate certificate into one file. You can named it commercial_ca.crt
| |
− | example:'''
| |
− | | |
− | '''Note: add a blank line to each file BEFORE you cat them together.'''
| |
− | | |
− | cat PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt >> commercial_ca.crt
| |
− | | |
− | '''3. Verify the certificate
| |
− | example:'''
| |
− | cd /root/certs ; /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./<server_name.crt ./commercial_ca.crt
| |
− | | |
− | '''4. Deploy the certificate
| |
− | example:'''
| |
− | cd /root/certs ; /opt/zimbra/bin/zmcertmgr deploycrt comm ./<server_name.crt ./commercial_ca.crt
| |
− | | |
− | '''5. restart the zimbra services
| |
− | example:'''
| |
− | su - zimbra
| |
− | zmcontrol restart
| |
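Review bot: The redirect on the "+" line replaces the entire CSR and deployment procedure, and nothing visible in this revision confirms that [[Administration_Console_and_CLI_Certificate_Tools]] covers the removed wildcard, -subjectAltNames, verifycrt and deploycrt steps, so check the target page before relying on the redirect. If any of the removed text is carried over, fix three things on the way. The first example labels 1024 as the "normal key size", which is below the 2048-bit RSA minimum that public CAs accept, so the "-keysize 2048" form should be the default. The verifycrt and deploycrt examples use the unbalanced placeholder "./<server_name.crt", which a shell parses as an input redirection if pasted as written. The chain step uses "cat ... >> commercial_ca.crt", which appends to any existing file and duplicates the chain on a second run; ">" is the safer operator there.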