Difference between revisions of "Commercial-SSL-CRT"
m (Protected "Commercial-SSL-CRT": Excessive spamming ([edit=sysop] (indefinite) [move=sysop] (indefinite)) [cascading])
Revision as of 07:52, 11 June 2013
Generating CSR for Commercial SSL certificates and deployment
Example steps for generating CSR:
Run as the root user (normal key size - 1024):
/opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
Replace the values in the subject string above as per your requirement:
C=Country
ST=State
L=Location
O=Organization
OU=Organizational Unit
CN=Common Name
You can generate the CSR with a 2048 key size using the example below.
Run as the root user (key size - 2048):
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
To generate a CSR for a single mail server, use the example below.
Run as the root user (you can generate the CSR with a key size as per your requirement):
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=host.domain.com"
Replace "host.domain.com" as per your requirement; it is the public host name used to access email in a web browser.
For a wildcard certificate:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com"
For a normal certificate with subjectAltNames:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize <size> -subject "/C=US/ST=TX/L=Somewhere/O=Test/OU=IT/CN=*.domain.com" -subjectAltNames "host1.domain.com,host2.domain.com,host3.domain.com"
The CSR file will be generated at the path below:
/opt/zimbra/ssl/zimbra/commercial/commercial.csr
To see the latest CSR generated, list the directory sorted by modification time (newest last):
cd /opt/zimbra/ssl/zimbra/commercial/
ls -ltr
Copy the content of /opt/zimbra/ssl/zimbra/commercial/commercial.csr, paste it into the vendor's portal, and obtain the commercial certificates. Then follow the steps below to deploy them.
We recommend deploying commercial certificates from the command line.
1. Create a directory and place all the commercial certificate files there. Example:
mkdir /root/certs (place all commercial cert files in this directory).
2. Concatenate the root certificate and the intermediate certificate into one file. You can name it commercial_ca.crt
Note: add a blank line to each file BEFORE you cat them together.
cat PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt >> commercial_ca.crt
3. Verify the certificate. Example:
cd /root/certs ; /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./<server_name>.crt ./commercial_ca.crt
4. Deploy the certificate. Example:
cd /root/certs ; /opt/zimbra/bin/zmcertmgr deploycrt comm ./<server_name>.crt ./commercial_ca.crt
5. Restart the Zimbra services. Example:
su - zimbra
zmcontrol restart
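The note in step 2 exists because a certificate file that does not end in a newline gets its END line fused with the next file's BEGIN line when the files are concatenated. The following is an added example, not part of the original page or of Zimbra's tooling: the hypothetical helpers build_ca_bundle and check_ca_bundle build commercial_ca.crt with a guaranteed newline after each file and then check the PEM framing of the result.

```shell
# check_ca_bundle FILE
# Succeeds and prints the number of certificates if FILE is a clean sequence of
# PEM certificate blocks. It checks framing only, not the certificates
# themselves; zmcertmgr verifycrt (step 3) is still required.
check_ca_bundle() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inblock) bad = 1                # BEGIN before the previous END
            inblock = 1; n++; next
        }
        /^-----END CERTIFICATE-----$/ {
            if (!inblock) bad = 1               # END without a BEGIN
            inblock = 0; next
        }
        # Any other line carrying a PEM marker is a fused boundary
        # ("-----END CERTIFICATE----------BEGIN CERTIFICATE-----") or a
        # non-certificate block such as a private key.
        /-----(BEGIN|END) / { bad = 1 }
        END {
            if (bad || inblock || n == 0) exit 1
            print n
        }
    ' "$1"
}

# build_ca_bundle OUT FILE...
# Concatenates the given PEM files into OUT, appending a newline after any file
# that lacks one. OUT is truncated first, so re-running does not duplicate
# certificates the way repeated ">>" appends would.
build_ca_bundle() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        cat "$f" >> "$out"
        # $(...) strips a trailing newline, so a non-empty result means the
        # last byte of the file is not a newline.
        [ -z "$(tail -c 1 "$f")" ] || echo >> "$out"
    done
    check_ca_bundle "$out"
}

# Usage, with the file names from step 2:
#   build_ca_bundle commercial_ca.crt PositiveSSLCA.crt \
#       UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt
```

A non-zero exit status from either function means the bundle should not be passed to verifycrt or deploycrt until the framing is fixed.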