Recreating a Self-Signed SSL Certificate in ZCS 4.5 & 5.0: Difference between revisions

mNo edit summary
No edit summary
Line 1: Line 1:
== Self Signed Certificate Instructions ==
== Self Signed Certificate Instructions ==


''If you're working with a commercial certificate, check out [[Commercial Certificates|this page]]''
''If you're working with a commercial certificate, don't use this page - go [[Commercial Certificates|here]] instead''


To clean up SSL certificates and recreate a new self-signed cert try this.
To clean up SSL certificates and recreate a new self-signed cert try this.

Revision as of 20:54, 17 April 2006

Self Signed Certificate Instructions

If you're working with a commercial certificate, don't use this page - go here instead

To clean up SSL certificates and recreate a new self-signed cert try this.

it won't hurt to back up what you already have:

tar -cf /tmp/zimbra-ssl-bak.tar /opt/zimbra/ssl/

as root:

rm -rf /opt/zimbra/ssl
mkdir /opt/zimbra/ssl
chown zimbra:zimbra /opt/zimbra/ssl

su - zimbra

(on linux:)

keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit

(on mac os x:)

keytool -delete -alias my_ca -keystore /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/security/cacerts -storepass changeit

(back to everybody:)

keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
zmcreateca
zmcreatecert
zmcertinstall mailbox ssl/ssl/server/tomcat.crt
zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key

To install a commercial SSL certificate first remove the self-signed cert:

keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

Then using your new certificate and key run:

zmcertinstall mailbox ssl/ssl/server/commercial.crt
zmcertinstall mta ssl/ssl/server/commercial.crt ssl/ssl/server/commercial.key

It may be necessary to restart the Zimbra servers for the changes to take effect.

su zimbra
zmcontrol stop
zmcontrol start

Jump to: navigation, search