Installing a StartSSL SSL Certificate with zmcertmgr: Difference between revisions
No edit summary |
(Minor formatting) |
||
Line 17: | Line 17: | ||
6.(As Root User) | 6.(As Root User) | ||
/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt | /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt | ||
7. Restart the zimbra services | 7. Restart the zimbra services |
Revision as of 17:45, 10 January 2011
Article Information |
---|
This article applies to the following ZCS versions. |
Installing a *Free* StartSSL SSL certificate with zmcertmgr
Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool.
1. Download the ca.pem [1] and sub.class1.server.ca.pem [2] to /tmp/
2. Cat the CA certs to form a single CA certificate chain file
cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt
3. Place server certificate in /tmp/ssl.crt.
4. Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key
5. Deploy the commercial certificate with zmcertmgr as the root user.
cd /opt/zimbra/bin ./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt
6.(As Root User)
/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt
7. Restart the zimbra services
su zimbra zmcontrol stop zmcontrol start
See: CLI zmtlsctl to set Web Server Mode to enable or require web secure connections.