https://wiki.zimbra.com/api.php?action=feedcontributions&user=Tmanternach&feedformat=atomZimbra :: Tech Center - User contributions [en]2024-03-28T12:58:52ZUser contributionsMediaWiki 1.39.0https://wiki.zimbra.com/index.php?title=5.x_Commercial_Certificates_Guide&diff=151735.x Commercial Certificates Guide2009-10-08T16:07:56Z<p>Tmanternach: Added a link to Verisign Secure Site certificate installation guide</p>
<hr />
<div>==Administration and CLI Tools==<br />
Zimbra offers both Administration Console and Command Line Interface (CLI) tools for installing, viewing, and managing certificates. For more information about these tools, see [[Administration Console and CLI Certificate Tools]].<br />
<br />
==Third Party Certificate Articles==<br />
The following third party certificates have their own Wiki articles with installation instructions.<br />
<br />
===Comodo SSL===<br />
See [[Installing a Comodo SSL Certificate with zmcertmgr]].<br />
<br />
===GlobalSign Certificate===<br />
See [[Installing a GlobalSign Commercial Certificate]]<br />
<br />
===GoDaddy Certificate===<br />
See [[Installing a GoDaddy Commercial Certificate on ZCS 5.0.x]].<br />
<br />
===Network Solutions Certificate===<br />
See [[Installing a Network Solutions Certificate on ZCS 5.0.x]].<br />
<br />
===Thawte SSL Certificate (SSL123 format)===<br />
See [[Installing a Thawte SSL Certificate on ZCS 5.0.x]].<br />
<br />
===Verisign===<br />
See [[Installing a Verisign Test Certificate on Zimbra Server]].<br />
<br />
See [[Installing a Verisign Secure Site Certificate]].<br />
<br />
===IPSCA Certificate===<br />
See [[Installing_a_IPSCA_Commercial_Certificate]]<br />
<br />
==Troubleshooting==<br />
If you are experiencing issues installing, viewing, or managing your certificates, see the [[:Category:Troubleshooting Certificates]] category.<br />
<br />
=Misc=<br />
*Inspect your CSR<br />
openssl req -in <server.csr> -noout -text<br />
<br />
*Inspect your certificate<br />
openssl x509 -in <server.crt> -noout -text<br />
<br />
*Clear the passphrase of the private key<br />
openssl rsa -in <server.key> -out <server.key.decr><br />
<br />
*Get Jetty keystore password<br />
zmlocalconfig -s -m nokey mailboxd_keystore_password<br />
<br />
*Create a CSR via the CLI<br />
sudo /opt/zimbra/bin/zmcertmgr createcsr <self|comm> [-new] [subject] [-subjectAltNames "host1,host2"]<br />
<br />
*View deployed certificate via the command line<br />
sudo /opt/zimbra/bin/zmcertmgr viewdeployedcrt<br />
<br />
* Convert the cert format from DER to PEM<br />
openssl x509 -in input.cer -inform DER -out output.cer -outform PEM<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 5.x|1/16/2008}}<br />
<br />
[[Category: Certificates]]</div>Tmanternachhttps://wiki.zimbra.com/index.php?title=Installing_a_Verisign_Secure_Site_Certificate&diff=15172Installing a Verisign Secure Site Certificate2009-10-08T16:05:48Z<p>Tmanternach: Created page.</p>
<hr />
<div>'''NOTE: These files only apply to a Secure Site Certificate from Verisign.'''<br />
<br />
Instructions on how to install a Secure Site Certificate on Zimbra Server:<br />
<br />
* Open a new browser window and create CSR through Zimbra Admin Console. Login to the Admin Console, click Certificates -> Install Certificate Button -> Select Target Server -> Select Generate the CSR for the commercial certificate authorizer -> create the CSR and download and save the CSR file.<br />
* Go to http://Verisign.com and create an account (or log in). Select a Secure Site certificate and follow the steps until it asks for the CSR. Open the CSR from Zimbra and copy and paste the information onto the Verisign page.<br />
* Once you successfully submit your CSR, a Secure Site Certificate will be created by Verisign and emailed to you.<br />
* Once you receive the certificate, save it as public.crt<br />
* Copy and paste the following text into a root.ca file:<br />
<pre><br />
-----BEGIN CERTIFICATE-----<br />
MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ<br />
BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh<br />
c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy<br />
MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp<br />
emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X<br />
DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw<br />
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg<br />
UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo<br />
YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5<br />
MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB<br />
AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4<br />
pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0<br />
13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID<br />
AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk<br />
U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i<br />
F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY<br />
oJ2daZH9<br />
-----END CERTIFICATE-----<br />
</pre><br />
<br />
* Copy and paste the following text into a intermediate.ca file:<br />
<pre><br />
-----BEGIN CERTIFICATE-----<br />
MIIGLDCCBZWgAwIBAgIQbk/6s8XmacTRZ8mSq+hYxDANBgkqhkiG9w0BAQUFADCB<br />
wTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQL<br />
EzNDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5<br />
IC0gRzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1<br />
dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv<br />
cmswHhcNMDkwMzI1MDAwMDAwWhcNMTkwMzI0MjM1OTU5WjCBtTELMAkGA1UEBhMC<br />
VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU<br />
cnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93<br />
d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xh<br />
c3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB<br />
DwAwggEKAoIBAQDUVo9XOzcopkBj0pXVBXTatRlqltZxVy/iwDSMoJWzjOE3JPMu<br />
7UNFBY6J1/raSrX4Po1Ox/lJUEU3QJ90qqBRVWHxYISJpZ6AjS+wIapFgsTPtBR/<br />
RxUgKIKwaBLArlwH1/ZZzMtiVlxNSf8miKtUUTovStoOmOKJcrn892g8xB85essX<br />
gfMMrQ/cYWIbEAsEHikYcV5iy0PevjG6cQIZTiapUdqMZGkD3pz9ff17Ybz8hHyI<br />
XLTDe+1fK0YS8f0AAZqLW+mjBS6PLlve8xt4+GaRCMBeztWwNsrUqHugffkwer/4<br />
3RlRKyC6/qfPoU6wZ/WAqiuDLtKOVImOHikLAgMBAAGjggKpMIICpTA0BggrBgEF<br />
BQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTAS<br />
BgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAo<br />
BggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEF<br />
BQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1UdHwQtMCsw<br />
KaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzIuY3JsMA4GA1Ud<br />
DwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYw<br />
ITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9n<br />
by52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEaMBgGA1UE<br />
AxMRQ2xhc3MzQ0EyMDQ4LTEtNTIwHQYDVR0OBBYEFKXvCxHOwEEDo0plkEiyHOBX<br />
LX1HMIHnBgNVHSMEgd8wgdyhgcekgcQwgcExCzAJBgNVBAYTAlVTMRcwFQYDVQQK<br />
Ew5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFy<br />
eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5<br />
OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYD<br />
VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrghB92f4Hz6getxB5Z/uniTTGMA0G<br />
CSqGSIb3DQEBBQUAA4GBAGN0Lz1Tqi+X7CYRZhr+8d5BJxnSf9jBHPniOFY6H5Cu<br />
OcUgdav4bC1nHynCIdcUiGNLsJsnY5H48KMBJLb7j+M9AgtvVP7UzNvWhb98lR5e<br />
YhHB2QmcQrmy1KotmDojYMyimvFu6M+O0Ro8XhnF15s1sAIjJOUFuNWI4+D6ufRf<br />
-----END CERTIFICATE-----<br />
</pre><br />
<br />
* Go back to Admin Console and launch the Install Certificate wizard, pick the "Install the commercially signed certificate". When you are prompted to upload the certificate, select public.crt as Certificate, root.ca as Root CA, and intermediate.ca as Intermediate CA.<br />
* Click Next and then Install. Your Commercial Certificate will be installed successfully.<br />
* Restart the zimbra server.<br />
<br />
{{Article Footer|Zimbra Collaboration Suite 5.0.15|10/08/2009}}<br />
<br />
[[Category:Certificates]]</div>Tmanternach