Installing a StartSSL SSL Certificate with zmcertmgr: Difference between revisions
(6.(As Root User) /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt) |
No edit summary |
||
Line 16: | Line 16: | ||
./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt | ./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt | ||
6.(As Root User) /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt | 6.(As Root User) | ||
/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt | |||
7. Restart the zimbra services | 7. Restart the zimbra services |
Revision as of 20:11, 15 December 2010
Article Information |
---|
This article applies to the following ZCS versions. |
Installing a *Free* StartSSL SSL certificate with zmcertmgr
Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool.
1. Download the ca.pem [1] and sub.class1.server.ca.pem [2] to /tmp/
2. Cat the CA certs to form a single CA certificate chain file
cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt
3. Place server certificate in /tmp/ssl.crt.
4. Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key
5. Deploy the commercial certificate with zmcertmgr as the root user.
cd /opt/zimbra/bin ./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt
6.(As Root User) /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt
7. Restart the zimbra services
su zimbra zmcontrol stop zmcontrol start
See: CLI zmtlsctl to set Web Server Mode to enable or require web secure connections.