Installing a StartSSL SSL Certificate with zmcertmgr: Difference between revisions
(Minor formatting) |
No edit summary |
||
(4 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{ | {{BC|Certified}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Installing a *Free* StartSSL SSL certificate with zmcertmgr= | |||
{{KB|{{ZC}}|{{ZCS 7.0}}|{{ZCS 6.0}}|}} | |||
{{Archive}}{{WIP}} | |||
WARNING: There are numerous errors on this page. Please use the official wiki at http://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools#ZCS_Certificate_CLI | |||
Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool. | Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool. |
Latest revision as of 09:36, 12 July 2015
Installing a *Free* StartSSL SSL certificate with zmcertmgr
WARNING: There are numerous errors on this page. Please use the official wiki at http://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools#ZCS_Certificate_CLI
Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool.
1. Download the ca.pem [1] and sub.class1.server.ca.pem [2] to /tmp/
2. Cat the CA certs to form a single CA certificate chain file
cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt
3. Place server certificate in /tmp/ssl.crt.
4. Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key
5. Deploy the commercial certificate with zmcertmgr as the root user.
cd /opt/zimbra/bin ./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt
6.(As Root User)
/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt
7. Restart the zimbra services
su zimbra zmcontrol stop zmcontrol start
See: CLI zmtlsctl to set Web Server Mode to enable or require web secure connections.