Manage Certificate SOAP

Revision as of 10:30, 12 July 2015 by Jorge de la Cruz (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Manage Certificate SOAP

   KB 5671        Last updated on 2015-07-12  




0.00
(0 votes)

Certificate Admin Extension gives ZCS an easy way to install Certificates, either self-signed or commercial, on the ZCS server easily.

The soap commands we used in the extension are the following


urn:zimbraAdmin


  • If target Server id is "--- All Servers ---", the soap call will apply to all the servers. A flag will be set for the zmcertmgr
<GetCertRequest type="staged|all|mta|mailboxd|proxy|ldap" option="self|comm"
	server="server-id">
</GetCertRequest>

<GetCertResponse>
	<cert type="staged|mta|mailboxd|proxy|ldap" server="server-name"> 
		<name>{value}</name>*
	</cert>
</GetCertResponse>

type: (required) 
	  staged - view the staged crt
	  other options are used to view the deployed crt	
option: (optional)
	  it only matters when the type is staged.
server: (required) server id, 
Name: C, ST, L, O, OU, CN, SubjectAltName
Note: now only staged and all is handled. May need to support other options in the future
<GetCSRRequest type="self|comm" server="server-id">
	
</GetCSRRequest>
<GetCSRResponse csr_exists="0|1" isComm="0|1" server="server-name">
	<name>{value}</name>*
</GetCSRResponse>

Name: C, ST, L, O, OU, CN, SubjectAltName
csr_exits: 0 - doesn't exist, 1 - exists
isComm (Currently not working/used): is the commercially signed cert exists 0 - doesn't exist, 1 - exists
<GenCSRRequest new="0|1" type="self|comm" server="server-id" keysize="1024|2048">
  	<name>{value}</name>*
</GenCSRRequest>

<GenCSRResponse server="server-name">
	<name>{value}</name>*
</GenCSRResponse>
Request a CSR:
Subject Attributes: C, ST, L, O, OU, CN,
subject: example /C=US/ST=N_A/L=N_A/O=Zimbra Collaboration Suite/CN=admindev.zimbra.com
new: 1 - force to create a new CSR, the previous one will be overwrited
SubjectAltName: 0|*, it is used to add the Subject Alt Name extension in the certificate, so multiple hosts can be supported
<InstallCertRequest type="self|comm" server="server-id">
  	<subject>
  	    <{name}>{value}</{name}>*
  	</subject>
  	<SubjectAltName>{value}</SubjectAltName>*
  	<validation_days>{value}</validation_days> ?
  	<keysize>{1024|2048}</keysize>?
  	<comm_cert>
  		<cert>
  			<aid>{value}</aid>
  			<filename>{value></filename>
  		</cert>
  		<rootCA>
  			<aid>{value}</aid>
  			<filename>{value></filename>
  		</rootCA>?
  		<intermediateCA>
  			<aid>{value}</aid>
  			<filename>{value></filename>
  		</intermediateCA>*		
	</comm_cert>?
</InstallCertRequest>

<InstallCertResponse server="server-name" />

Ask server to install the certificates
validation_days: required, number of the validation days of the self signed certificate,
keysize: 1024|2048, key length of the self-signed certificate
aid: attachedment ID of the uploaded commercial certificate

Verified Against: Zimbra Collaboration 7.0, 6.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Manage_Certificate_SOAP Date Modified: 2015-07-12



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search