Regenerate Self-Signed SSL Certificate - Multi-Server
Regenerate Self-Signed SSL Certificate - Multi-Server
Purpose
Regenerate the SSL certificate in a Zimbra multi-server environment.
Resolution
Multi-Node Self-Signed Certificate 1. Begin by generating a new Certificate Authority (CA).
/opt/zimbra/bin/zmcertmgr createca -new /opt/zimbra/bin/zmcertmgr deployca
2. Then generate a certificate signed by the CA that expires in 365 days with either wildcard or subject altnames. Option 1
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subjectAltNames "*.example.com"
Option 2
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*.example.com"
Option 3
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subjectAltNames "host1.example.com,host2.example.come"
3. Next, deploy the certificate to all nodes in the deployment.
/opt/zimbra/bin/zmcertmgr deploycrt self -allserver
4. To finish, verify the certificate was deployed.
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Note: The option viewdeployedcrt only works for the local server.
Additional Content
- Link to the an extended Wiki article.