Revision as of 16:54, 11 May 2015

- This article is a Work in Progress, and may be unfinished or missing sections.

Article Information
This article applies to the following ZCS versions. ZCS 8.6 ZCS 8.5 ZCS 8.0

Installing a RapidSSL Commercial Certificate

Purpose

Step by Step Wiki/KB article to install a RapidSSL Commercial Certificate

Resolution

When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some Root Certificate and RapidSSL intermediate CA certificate, in case that you miss some of them, here are the links:

GeoTrust Root Certificates - https://www.geotrust.com/resources/root-certificates/
Root 2 - GeoTrust Global CA (.pem format) - https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem
RapidSSL Intermediate CA Certificates - https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26459

Preparing the commercial_ca.crt

Certificates were assembled as follows:

cat [RapidSSL intermediate CA] [GeoTrust Global CA] > commercial_ca.crt

You will be able to successfully verify the certificate using the following:

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key mail-cert ./commercial_ca.crt

Where 'mail-cert' is the certificate that was issued to the server based on the CSR, and "commercial_ca.crt" is the bundle assembled from the RapidSSL intermediate CA certificate and the link above.

Deploy the new SSL RapidSSL certificate

Then deploy the certificate as follows:

/opt/zimbra/bin/zmcertmgr deploycrt comm  mail-cert ./commercial_ca.crt

Then you need to restart the services

zmcontrol restart

Additional Content

No related content

Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0	Date Created: 11/19/2009
Article ID: https://wiki.zimbra.com/index.php?title=Installing_a_RapidSSL_Commercial_Certificate	Date Modified: 2015-05-11

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Other help Resources

User Help Page »
Official Forums »
Zimbra Documentation Page »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Wiki/KB reviewed by	Jorge	SME2	Copyeditor	Last edit by Jorge de la Cruz

@@ Line 1: / Line 1: @@
-{{Archive}}{{WIP}}{{Article Infobox|{{admin}}|{{ZCS 6.0}}|{{ZCS 5.0}}|}}=== Istalling a RapidSSL Commercial SSL Certificate ===
+{{WIP}}{{Article Infobox|{{admin}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}}}
+=Installing a RapidSSL Commercial Certificate=
+==Purpose==
+Step by Step Wiki/KB article to install a RapidSSL Commercial Certificate
-Use the article as a guide to installing a GeoTrust / RapidSSL issued SSL certificate with the zmcertmgr tool.
+==Resolution==
+When you buy a GeoTrust (RapidSSL)SSL certificate, Geotrust will send to you some Root Certificate and RapidSSL intermediate CA certificate, in case that you miss some of them, here are the links:
+* GeoTrust Root Certificates - [https://www.geotrust.com/resources/root-certificates/ https://www.geotrust.com/resources/root-certificates/]
+* Root 2 - GeoTrust Global CA (.pem format) - [https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem]
+* RapidSSL Intermediate CA Certificates - [https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26459 https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26459]
+===Preparing the commercial_ca.crt===
+Certificates were assembled as follows:
+  cat [RapidSSL intermediate CA] [GeoTrust Global CA] > commercial_ca.crt
-. You will receive an e-mail from RapidSSL with your commercial certificate.  Locate the [Your RapidSSL certificate:] section within the e-mail and copy the Certificate including the -----BEGIN to END----- to a file server.crt and place this into /tmp/server.crt
+You will be able to successfully verify the certificate using the following:
+ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key mail-cert ./commercial_ca.crt
-. Copy private key including the -----BEGIN to END----- to  /opt/zimbra/ssl/zimbra/commercial/commercial.key (if the file is not already there).
+Where 'mail-cert' is the certificate that was issued to the server based on the CSR, and "commercial_ca.crt" is the bundle assembled from the RapidSSL intermediate CA certificate and the link above.
-'''If you have a certificate generated before december 9th 2010:'''<br>
+===Deploy the new SSL RapidSSL certificate===
-. Download the appropriate bundle file from http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer . RapidSSL certificates are always signed by Equifax!! Save this as ca_bundle.crt
+Then deploy the certificate as follows:
+ /opt/zimbra/bin/zmcertmgr deploycrt comm  mail-cert ./commercial_ca.crt
-'''If you have a certificate generated after december 9th 2010:'''<br>
+Then you need to restart the services
-a. Download the Geotrust root certificate (wget http://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.cer) and ca_bundle (wget https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem).<br>
+ zmcontrol restart
-b. Cat the files together: cat GeoTrust_Global_CA.cer RapidSSL_CA_bundle.pem > /tmp/ca_bundle.crt
-'''If you have a SHA2-256 certificate'''<br>
+==Additional Content==
-c. Download the Geotrust root certificate (wget http://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.cer) and copy Intermediate CA Bundle from this page https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26459 to a file RapidSSL_CA_bundle.pem <br>
+* No related content
-d. Cat the files together: cat GeoTrust_Global_CA.cer RapidSSL_CA_bundle.pem > /tmp/ca_bundle.crt
-. Deploy the commercial certificate with zmcertmgr as the '''root''' user.
+{{Article Footer|Zimbra Collaboration 8.6, 8.5, 8.0|11/19/2009}}
-  # cd /opt/zimbra/bin
+{{NeedSME|Jorge|SME2|Copyeditor}}
-  # ./zmcertmgr deploycrt comm /tmp/server.crt /tmp/ca_bundle.crt
-Note: The solution above works for Zimbra 5/6
-==== Troubleshooting ====
-After successfully importing the new certificate and CA bundle, I got the following error when restarting ZCS (6.0.10):
-''ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)''
-The solution is to add RapidSSL_CA_bundle.pem (the intermediate cert) to the Java keystore:
-  # /opt/zimbra/java/bin/keytool -import -alias rapidsslintca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass <password> -file /tmp/RapidSSL_CA_bundle.pem
-{{Article Footer|unknown|11/19/2009}}
 [[Category:Certificates]]
-[[Category:ZCS 6.0]]
-[[Category:ZCS 5.0]]

Installing a RapidSSL Commercial Certificate: Difference between revisions

Revision as of 16:54, 11 May 2015

Installing a RapidSSL Commercial Certificate

Purpose

Resolution

Preparing the commercial_ca.crt

Deploy the new SSL RapidSSL certificate

Additional Content

Products

Support

Learn

Community