Commercial-SSL-CRT: Difference between revisions

m (Protected "Commercial-SSL-CRT": Excessive spamming (‎[edit=sysop] (indefinite) ‎[move=sysop] (indefinite)) [cascading])
(2.3)
Line 49: Line 49:
  mkdir /root/certs (place all commercial cert files in this directory).  
  mkdir /root/certs (place all commercial cert files in this directory).  


'''2. Concatenate the root certificate and the intermediate certificate into one file. You can named it commercial_ca.crt'''  
'''2. Concatenate the root certificate and the intermediate certificate into one file. You can named it commercial_ca.crt
example:'''  


'''Note: add a blank line to each file BEFORE you cat them together.'''
'''Note: add a blank line to each file BEFORE you cat them together.'''


'''example:'''
  cat PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt >> commercial_ca.crt
  cat PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt >> commercial_ca.crt



Revision as of 09:35, 11 June 2013

Generating CSR for Commercial SSL certificates and deployment

Example steps for generating CSR:

Run as root user (normal key size - 1024)

/opt/zimbra/bin/zmcertmgr createcsr comm -new  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com" 
Replace the below values as per your requirement. 
C=Country 
ST=State 
L=Location 
O=Organization 
OU=Organization Unit 
CN=Comman Name 

You can generate the CSR with 2048 key size using below example steps.

Run as root user (key size - 2048)

/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com" 

If you want to generate CSR for single mail server, use below example.

Run as root user (you can generate CSR with key size as per your requirement)

/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com" 

Replace "host.domain.com" as per your requirement, its the public host name used to access emails in web browser.

For Wildcard Certificate:

/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com" 

For normal certificate with subjectAltNames

/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject  "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com" -subjectAltNames  "host1.domain.com,host2.domain.com,host3.domain.com"

CSR file will be generated in below path

/opt/zimbra/ssl/zimbra/commercial/commercial.csr
cd /opt/zimbra/ssl/zimbra/commercial/ 
ls -ltr -> will show you the latest CSR generated in sorted order.

Copy the content of /opt/zimbra/ssl/zimbra/commercial/commercial.csr and paste it to vendor's portal, get the commercial certificates, then you can follow the below steps to deploy commercial certificates.

We recommend to deploy commercial certificates in command line.

1. Create a directory and place all the commercial certificate files there. example:

mkdir /root/certs (place all commercial cert files in this directory). 

2. Concatenate the root certificate and the intermediate certificate into one file. You can named it commercial_ca.crt example:

Note: add a blank line to each file BEFORE you cat them together.

cat PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt >> commercial_ca.crt

3. Verify the certificate example:

cd /root/certs ; /opt/zimbra/bin/zmcertmgr verifycrt comm   /opt/zimbra/ssl/zimbra/commercial/commercial.key ./<server_name.crt ./commercial_ca.crt 

4. Deploy the certificate example:

cd /root/certs ; /opt/zimbra/bin/zmcertmgr deploycrt comm ./<server_name.crt ./commercial_ca.crt 

5. restart the zimbra services example:

su - zimbra 
zmcontrol restart
Jump to: navigation, search