Installing an IPSCA Commercial Certificate

Revision as of 19:13, 12 September 2009 by Fizi

Summary

Documentation on how to install a commercial SSL Certificate provided by IPSCA using zmcertmgr. I created this documentation after upgrading to Zimbra 6.0 and having Zimbra fail to start due to the commercial SSL Certificate.

IPSCA offers free wildcard SSL certificates for Educational Institutions, which is why we chose them. Their certificates appear to work in everything without complaining except Opera.

This documentation assumes you've already generated your private key, certificate request and gotten it signed by IPSCA for your domain.


Installing an IPSCA SSL Certificate using zmcertmgr

1. Download a copy of the IPSCA Intermediate Certificate and Root Certificate from here. Thankfully IPSCA bundles them together for you, saving you some time. If you really want them in separate files, go here.

 wget http://certs.ipsca.com/companyIPSipsCA/IPS-IPSCABUNDLE.CRT

2. Put your .key and .crt files on your server. For this example I'm going to use 'example.ca.key' and 'example.ca.crt' and assume they are stored in '/tmp'.

3. I decrypted my SSL private key (example.ca.key). I'm not 100% sure if you have to do this but I find it easier to deal with because you don't have to keep entering the private key's passphrase.

 openssl rsa -in /tmp/example.ca.key -out /tmp/example.ca.key.unenc

Enter your passphrase for the private key when prompted.

4. Make sure you're root and copy your unencrypted private key into the Zimbra SSL directory.

 cp /tmp/example.ca.key.unenc /opt/zimbra/ssl/zimbra/commercial/commercial.key

5. Still as root, you'll now import your commercial certificate (example.ca.crt) and the IPSCA CA and Intermediate certificate bundle (IPS-IPSCABUNDLE.CRT). Make sure Zimbra is running before you run this command.

 /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/example.ca.crt /tmp/IPS-IPSCABUNDLE.CRT

6. As the Zimbra user, stop and restart Zimbra.

 zmcontrol stop
 zmcontrol start
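
The checks below confirm, before step 5, that the key, certificate and CA bundle belong together and that the unencrypted key from step 3 is not readable by other users. This script is an added example, not part of the original article or of Zimbra; the function names are assumptions, and make_demo only builds throwaway test material.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files used in steps 2-5.
# Function names are illustrative; only standard openssl subcommands are used.

# True if the private key and the certificate carry the same public key.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True if the certificate verifies against the CA bundle (root + intermediate).
# The output is matched too, rather than trusting the exit status alone.
chains_to_bundle() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# True if the key file grants no access to group or others.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks and report every failure, not just the first.
precheck() {
    key=$1 crt=$2 bundle=$3 rc=0
    key_matches_cert "$key" "$crt" || { echo "FAIL: $key does not match $crt"; rc=1; }
    chains_to_bundle "$crt" "$bundle" || { echo "FAIL: $crt does not chain to $bundle"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key is readable by group/others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key, certificate and bundle are consistent"
    return "$rc"
}

# Constructed sample input: a throwaway CA and leaf certificate in directory $1.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.ca" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null &&
    chmod 600 "$1/leaf.key"
}

# Usage: sh precheck.sh /tmp/example.ca.key.unenc /tmp/example.ca.crt /tmp/IPS-IPSCABUNDLE.CRT
if [ "$#" -eq 3 ]; then
    precheck "$@"
fi
```

Creating the unencrypted key under a restrictive umask (for example `umask 077` before step 3) keeps the third check passing, and the copy left in '/tmp' can be deleted once step 4 is done.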


Troubleshooting

When I run 'zmcertmgr' to import my certificate I see the following messages during the import:

 ** Saving server config key zimbraSSLCertificate...failed.
 ** Saving server config key zimbraSSLPrivateKey...failed.

This means Zimbra isn't running. Start Zimbra and then re-run the command.
