Difference between revisions of "Preexisting Certifcate Installation for Zimbra 6.0"

(Adding article footer and categories)
Line 1: Line 1:
Zimbra makes it extremely easy to install either a self-signed certificate or a commercial certificate specific to the Zimbra server. If, on the other hand, you want to install a certificate you created somewhere else (such as a wildcard certificate for your domain) the procedure is a bit more involved.
+
{{Article Infobox|{{admin}}|{{ZCS 6.0}}||}}Zimbra makes it extremely easy to install either a self-signed certificate or a commercial certificate specific to the Zimbra server. If, on the other hand, you want to install a certificate you created somewhere else (such as a wildcard certificate for your domain) the procedure is a bit more involved.
  
 
Become root, make a directory to work in and bring the files over. There are lots of ways to do this; I used scp:
 
Become root, make a directory to work in and bring the files over. There are lots of ways to do this; I used scp:

Revision as of 20:41, 14 April 2010

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 6.0 Article ZCS 6.0

Zimbra makes it extremely easy to install either a self-signed certificate or a commercial certificate specific to the Zimbra server. If, on the other hand, you want to install a certificate you created somewhere else (such as a wildcard certificate for your domain) the procedure is a bit more involved.

Become root, make a directory to work in and bring the files over. There are lots of ways to do this; I used scp:

mkdir /root/certs
cd /root/certs
scp user@otherserver.domain.com:domain.com.crt .
scp user@otherserver.domain.com:domain.com.key .
scp user@otherserver.domain.com:ca_bundle.crt .

Now you need to rename the files to what Zimbra expects:

mv domain.com.crt commercial.crt
mv domain.com.key commercial.key
mv ca_bundle.crt commercial_ca.crt

Next you put the key file in two places where Zimbra expects it:

cp commercial.key /opt/zimbra/ssl/zimbra
mv commercial.key /opt/zimbra/ssl/zimbra/commercial

Then you use Zimbra's fancy certificate importer tools. Note the last command spans two lines...either use the backslash as indicated, or paste both lines into one command, leaving the backslash out. Also, the password really is "changeit" ...don't be like me and screw around forever trying to figure out what to change it to.

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial.key commercial.crt commercial_ca.crt
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
/opt/zimbra/java/bin/keytool -import -alias root -keystore\
/opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/commercial_ca.pem

Then you restart Zimbra:

/etc/init.d/zimbra restart


Verified Against: ZCS 6.0.x Date Created: 03/04/2010
Article ID: https://wiki.zimbra.com/index.php?title=Preexisting_Certifcate_Installation_for_Zimbra_6.0 Date Modified: 2010-04-14



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search