Difference between revisions of "Recreating a Self-Signed SSL Certificate in ZCS 4.5 & 5.0"

m
(Self Signed Certificate Instructions)
Line 21: Line 21:
 
<tt>
 
<tt>
 
(on linux:)
 
(on linux:)
 +
:chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts
 
:keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit<br>
 
:keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit<br>
 
(on mac os x:)
 
(on mac os x:)
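Review bot: the added `chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts` line sits under "(on linux:)", which in the revised page comes after `su - zimbra`, so it runs as the zimbra user rather than as root. On Linux an unprivileged user cannot change a file's owner, so if cacerts is not already owned by zimbra this step fails and the `keytool -delete` that follows still cannot write the keystore. Suggest moving it into the "as root:" block beside `chown zimbra:zimbra /opt/zimbra/ssl`. The new line also lacks the trailing `<br>` that the neighbouring keytool line has inside the `<tt>` block, and the "(on mac os x:)" branch gets no equivalent step.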
Line 40: Line 41:
 
:zmcontrol start<br>
 
:zmcontrol start<br>
 
</tt>
 
</tt>
 
  
 
==unable to write random state==
 
==unable to write random state==
 
This is a "harmless" warning that openssl has no random number seed file. The [http://www.openssl.org/support/faq.html#USER1 full] [http://www.openssl.org/support/faq.html#USER2 story] is available from openssl.org.
 
This is a "harmless" warning that openssl has no random number seed file. The [http://www.openssl.org/support/faq.html#USER1 full] [http://www.openssl.org/support/faq.html#USER2 story] is available from openssl.org.

Revision as of 16:55, 21 September 2006

Self Signed Certificate Instructions

If you're working with a commercial certificate, don't use this page - go here instead

To clean up the existing SSL certificates and create a new self-signed certificate, try the following.

It won't hurt to back up what you already have:

tar -cf /tmp/zimbra-ssl-bak.tar /opt/zimbra/ssl/

As root:

rm -rf /opt/zimbra/ssl
mkdir /opt/zimbra/ssl
chown zimbra:zimbra /opt/zimbra/ssl

su - zimbra

(on linux:)

chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts
keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit

(on mac os x:)

keytool -delete -alias my_ca -keystore /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/security/cacerts -storepass changeit

(back to everybody:)

keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
zmcreateca
zmcreatecert
zmcertinstall mailbox /opt/zimbra/ssl/ssl/server/tomcat.crt
zmcertinstall mta /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/ssl/ssl/server/server.key

It may be necessary to restart the Zimbra servers for the changes to take effect.

su - zimbra
zmcontrol stop
zmcontrol start
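
The server.crt and server.key pair passed to zmcertinstall mta above can be checked to confirm the two files belong together and the certificate is not close to expiry. This is an added example, not part of the original wiki page or of Zimbra's tooling; the function names, the 30-day default and the throwaway sample pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Zimbra wiki): sanity checks for a certificate/key
# pair such as the one handed to "zmcertinstall mta". Function names are
# hypothetical; only standard openssl subcommands are used.

# Exit 0 when CERT's public key is the public half of private key KEY,
# 1 on mismatch, 2 when either file cannot be read or parsed.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 when CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print one verdict line for CERT KEY [DAYS]; exit 0 only if every check passes.
check_pair() {
    if ! cert_key_match "$1" "$2"; then
        echo "FAIL key-mismatch $1"; return 1
    fi
    if ! cert_valid_for "$1" "${3:-30}"; then
        echo "FAIL expiring $1"; return 1
    fi
    echo "OK $1"
}

# Constructed sample input: a throwaway self-signed pair valid for DAYS days,
# plus an unrelated key, written into directory DIR.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=mail.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

# Usage: sh check_pair.sh CERT KEY [DAYS]
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

A mismatch reported here means the MTA would be given a certificate it cannot use with that key, which is easier to catch before the restart than after it.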

unable to write random state

This is a "harmless" warning that openssl has no random number seed file. The full story is available from openssl.org.
