Recreating a Self-Signed SSL Certificate in ZCS 4.5 & 5.0

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Self Signed Certificate Instructions

If you're working with a commercial certificate, don't use this page - go here instead

To clean up SSL certificates and recreate a new self-signed cert try this.

it won't hurt to back up what you already have:

tar -cf /tmp/zimbra-ssl-bak.tar /opt/zimbra/ssl/

as root:

rm -rf /opt/zimbra/ssl
mkdir /opt/zimbra/ssl
chown zimbra:zimbra /opt/zimbra/ssl

su - zimbra

(on linux:)

keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit

(on mac os x:)

keytool -delete -alias my_ca -keystore /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/security/cacerts -storepass changeit

(back to everybody:)

keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
zmcreateca
zmcreatecert
zmcertinstall mailbox /opt/zimbra/ssl/ssl/server/tomcat.crt
zmcertinstall mta /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/ssl/ssl/server/server.key

It may be necessary to restart the Zimbra servers for the changes to take effect.

su zimbra
zmcontrol stop
zmcontrol start

Jump to: navigation, search