Recreating a Self-Signed SSL Certificate in ZCS 4.5 & 5.0: Difference between revisions
mNo edit summary |
Line 21: | Line 21: | ||
<tt> | <tt> | ||
(on linux:) | (on linux:) | ||
:chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts | |||
:keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit<br> | :keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit<br> | ||
(on mac os x:) | (on mac os x:) | ||
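Review bot: the added `chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts` sits in the "(on linux:)" block beside the `keytool` commands, which the page runs after `su - zimbra`. Changing a file's owner normally requires root, so the step belongs in the "as root:" section next to `chown zimbra:zimbra /opt/zimbra/ssl`. It also needs a sentence explaining why it is required, since it hands ownership of the JRE's trusted-CA store to the zimbra account, and the "(on mac os x:)" branch gets no equivalent step.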
Line 40: | Line 41: | ||
:zmcontrol start<br> | :zmcontrol start<br> | ||
</tt> | </tt> | ||
==unable to write random state== | ==unable to write random state== | ||
This is a "harmless" warning that openssl has no random number seed file. The [http://www.openssl.org/support/faq.html#USER1 full] [http://www.openssl.org/support/faq.html#USER2 story] is available from openssl.org. | This is a "harmless" warning that openssl has no random number seed file. The [http://www.openssl.org/support/faq.html#USER1 full] [http://www.openssl.org/support/faq.html#USER2 story] is available from openssl.org. |
Revision as of 16:55, 21 September 2006
Self Signed Certificate Instructions
If you're working with a commercial certificate, don't use this page - go here instead
To clean up the SSL certificates and create a new self-signed certificate, try this.
It won't hurt to back up what you already have:
- tar -cf /tmp/zimbra-ssl-bak.tar /opt/zimbra/ssl/
as root:
- rm -rf /opt/zimbra/ssl
- mkdir /opt/zimbra/ssl
- chown zimbra:zimbra /opt/zimbra/ssl
- su - zimbra
(on linux:)
- chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts
- keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
(on mac os x:)
- keytool -delete -alias my_ca -keystore /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/security/cacerts -storepass changeit
(back to everybody:)
- keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
- zmcreateca
- zmcreatecert
- zmcertinstall mailbox /opt/zimbra/ssl/ssl/server/tomcat.crt
- zmcertinstall mta /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/ssl/ssl/server/server.key
It may be necessary to restart the Zimbra servers for the changes to take effect.
- su - zimbra
- zmcontrol stop
- zmcontrol start
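The backup and "as root" steps above, wrapped so that the directory is removed only after a verified backup exists. This is an added example, not part of the original wiki page or of Zimbra's tooling. The function names and the script name `reset-ssl.sh` are hypothetical. The archive is created owner-only because the tree holds private keys such as `server.key`.

```shell
#!/bin/sh
# Added example (not Zimbra's own tooling): back up the SSL directory with
# owner-only permissions, verify the archive, and only then recreate it.

# backup_ssl_dir SRC_DIR ARCHIVE -> 0 only if ARCHIVE holds every file in SRC_DIR
backup_ssl_dir() {
    src=$1 archive=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    # A predictable name in /tmp may already exist (stale or planted); refuse.
    [ ! -e "$archive" ] && [ ! -L "$archive" ] || {
        echo "refusing to overwrite $archive" >&2; return 1; }
    # The tree holds private keys (e.g. server.key): create the archive 0600.
    ( umask 077 && tar -cf "$archive" -C "$(dirname "$src")" "$(basename "$src")" ) \
        || return 1
    # Every non-directory on disk must appear in the archive listing.
    on_disk=$(find "$src" ! -type d | wc -l)
    in_tar=$(tar -tf "$archive" | grep -cv '/$' || true)
    [ "$on_disk" -eq "$in_tar" ]
}

# reset_ssl_dir SRC_DIR ARCHIVE [OWNER] -> the page's "as root" steps, gated on
# a verified backup. OWNER (e.g. zimbra:zimbra) is applied only when given.
reset_ssl_dir() {
    src=$1 archive=$2 owner=${3:-}
    case $src in ''|/) echo "unsafe directory: '$src'" >&2; return 1 ;; esac
    backup_ssl_dir "$src" "$archive" || {
        echo "backup not verified; $src left untouched" >&2; return 1; }
    rm -rf "$src" && mkdir "$src" || return 1
    if [ -n "$owner" ]; then chown "$owner" "$src"; fi
}

# Example invocation as root (script name is hypothetical):
#   sh reset-ssl.sh /opt/zimbra/ssl /tmp/zimbra-ssl-bak.tar zimbra:zimbra
if [ "$#" -ge 2 ]; then reset_ssl_dir "$@"; fi
```

A second run with the same archive path is refused, so an earlier backup is never silently overwritten.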
unable to write random state
This is a "harmless" warning that openssl has no random number seed file. The full story is available from openssl.org.