Preexisting Certifcate Installation for Zimbra 6.0: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
Zimbra makes it extremely easy to install either a self-signed certificate or a commercial certificate specific to the zimbra server. If, on the other hand, you want to install a certificate you created somewhere else (such as a wildcard certificate for your domain) the procedure is a bit more involved. | Zimbra makes it extremely easy to install either a self-signed certificate or a commercial certificate specific to the zimbra server. If, on the other hand, you want to install a certificate you created somewhere else (such as a wildcard certificate for your domain) the procedure is a bit more involved. | ||
Become root, make a directory to work in | Become root, make a directory to work in and bring the files over. There are lots of ways to do this; I used scp: | ||
mkdir /root/certs | mkdir /root/certs | ||
cd /root/certs | cd /root/certs | ||
scp yaaar@otherserver.domain.com:domain.com.crt . | |||
scp yaaar@otherserver.domain.com:domain.com.key . | |||
scp yaaar@otherserver.domain.com:ca_bundle.crt . | |||
Now you need to rename the files to what Zimbra expects: | |||
mv domain.com.crt commercial.crt | |||
mv domain.com.key commercial.key | |||
mv ca_bundle.crt commercial_ca.crt | |||
Next you put the key file in two places where Zimbra expects it: | |||
cp commercial.key /opt/zimbra/ssl/zimbra | |||
mv commercial.key /opt/zimbra/ssl/zimbra/commercial | |||
Then you use Zimbra's fancy certificate importer tools. Note the password really is "changeit" ...don't be like me and screw around forever trying to figure out what to change it to. | |||
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial.key commercial.crt commercial_ca.crt | |||
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt | |||
/opt/zimbra/java/bin/keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/commercial_ca.pem | |||
Then you restart Zimbra: | |||
/etc/init.d/zimbra restart |
Revision as of 23:37, 4 March 2010
Zimbra makes it extremely easy to install either a self-signed certificate or a commercial certificate specific to the zimbra server. If, on the other hand, you want to install a certificate you created somewhere else (such as a wildcard certificate for your domain) the procedure is a bit more involved.
Become root, make a directory to work in and bring the files over. There are lots of ways to do this; I used scp:
mkdir /root/certs cd /root/certs scp yaaar@otherserver.domain.com:domain.com.crt . scp yaaar@otherserver.domain.com:domain.com.key . scp yaaar@otherserver.domain.com:ca_bundle.crt .
Now you need to rename the files to what Zimbra expects:
mv domain.com.crt commercial.crt mv domain.com.key commercial.key mv ca_bundle.crt commercial_ca.crt
Next you put the key file in two places where Zimbra expects it:
cp commercial.key /opt/zimbra/ssl/zimbra mv commercial.key /opt/zimbra/ssl/zimbra/commercial
Then you use Zimbra's fancy certificate importer tools. Note the password really is "changeit" ...don't be like me and screw around forever trying to figure out what to change it to.
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial.key commercial.crt commercial_ca.crt /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt /opt/zimbra/java/bin/keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/commercial_ca.pem
Then you restart Zimbra:
/etc/init.d/zimbra restart