Difference between revisions of "Technical-Notes"

(Checking the content of the SSL Certificate)
 
(15 intermediate revisions by one other user not shown)
Line 1: Line 1:
 +
{{BC|Community Sandbox}}
 +
__FORCETOC__
 +
<div class="col-md-12 ibox-content">
 +
=Technical Notes=
 +
{{KB|{{Unsupported}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}}
 
{{WIP}}
 
{{WIP}}
 +
 
=Single-Node Commercial Certificate=
 
=Single-Node Commercial Certificate=
 
Some theory about SSL Certificates and words that we will use in this tutorial:
 
Some theory about SSL Certificates and words that we will use in this tutorial:
Line 25: Line 31:
 
* commercial.key: The Private Key that we need to save, or do a Backup if we want to install the CRT in other Server, or restore it in case of any fail.
 
* commercial.key: The Private Key that we need to save, or do a Backup if we want to install the CRT in other Server, or restore it in case of any fail.
  
==Checking the content of the SSL Certificate==
+
==Checking the content of the CSR - SSL Certificate==
 
Now we can check trough CLI if everything in the SSL is allright with the next command:
 
Now we can check trough CLI if everything in the SSL is allright with the next command:
 
<pre>zimbra@help:/tmp# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
 
<pre>zimbra@help:/tmp# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
Line 164: Line 170:
  
 
Then is time to create the CSR file, in this file we need to change the name of our Private Key, our Common Name and also the alternative domains that we want to protect with our SSL.
 
Then is time to create the CSR file, in this file we need to change the name of our Private Key, our Common Name and also the alternative domains that we want to protect with our SSL.
<pre>/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com" -subjectAltNames "mail.domain.com,mail2.domain.com,mail3.domain.com"
+
<pre>/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com" -subjectAltNames "mail.domain.com,mail.domain2.com,mail.domain3.com"
** Generating a server csr for download comm -new -subject /C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com -subjectAltNames mail.domain.com,mail2.domain.com,mail3.domain.com
+
** Generating a server csr for download comm -new -subject /C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com -subjectAltNames mail.domain.com,mail.domain2.com,mail.domain3.com
 
** Creating /opt/zimbra/conf/zmssl.cnf...done
 
** Creating /opt/zimbra/conf/zmssl.cnf...done
 
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20141007154948
 
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20141007154948
Line 177: Line 183:
 
<pre>zimbra@help:/tmp# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
 
<pre>zimbra@help:/tmp# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
 
subject=/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com
 
subject=/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com
SubjectAltName= mail.domain.com, mail2.domain.com, mail3.domain.com</pre>
+
SubjectAltName= mail.domain.com, mail.domain2.com, mail.domain3.com</pre>
  
 
We will check the CSR that we've generated, just copy the result of this command:
 
We will check the CSR that we've generated, just copy the result of this command:
Line 208: Line 214:
 
* '''mixed''' – With this option, the user will come in trought http:// and will be redirect to https:// only for the login form, after that will be redirect to http:// again. If the user come directly trough https:// the user will be under https:// all the time.
 
* '''mixed''' – With this option, the user will come in trought http:// and will be redirect to https:// only for the login form, after that will be redirect to http:// again. If the user come directly trough https:// the user will be under https:// all the time.
 
* '''redirect''' - If the user came trough http, it will be automatically redirect to https:// and it will keep on it during all session.
 
* '''redirect''' - If the user came trough http, it will be automatically redirect to https:// and it will keep on it during all session.
=Upgrade Ubuntu 10.04 64bit to Ubuntu 12.04 64bit and update ZCS 8.0.8=
 
==Stopping the Zimbra Collaboration Services==
 
The first step in this Upgrade guide is stop our Zimbra Collaboration Services:
 
<pre>
 
    zimbra@help:/home/# zmcontrol stop
 
</pre>
 
Once we have stopped the Zimbra Collaboration services and we have a full Backup or Snapshot, we can continue.
 
==Upgrading the Ubuntu Version ==
 
In Ubutu 10, we need to install the update-manager-core if isn´t installed.
 
    root@zimbralab03:/# sudo apt-get install update-manager-core
 
Next we need to be sure that in the update manager are only selected LTS versions, check the next file, and the prompt line must be '''prompt=lts'''
 
    root@zimbralab03:/# sudo vi /etc/update-manager/release-upgrades
 
Update all the packages and dependencies before do a upgrade with the next command
 
    root@zimbralab03:/# sudo apt-get update && sudo apt-get upgrade & sudo apt-get autoremove
 
Now is time for start the Upgrade proces with the next command
 
    root@zimbralab03:/# sudo do-release-upgrade
 
The process will start and do some previous questions, for example about create an alternate SSH daemon, just in case if we lose the actual SSH connection:
 
    Continue running under SSH?
 
    This session appears to be running under ssh. It is not recommended
 
    to perform a upgrade over ssh currently because in case of failure it
 
    is harder to recover.
 
    If you continue, an additional ssh daemon will be started at port
 
    '1022'.
 
    Do you want to continue?
 
    Continue [yN] y
 
    Starting additional sshd
 
    To make recovery in case of failure easier, an additional sshd will
 
    be started on port '1022'. If anything goes wrong with the running
 
    ssh you can still connect to the additional one.
 
    To continue please press [ENTER]
 
 
After a while checking packages, the wizard will ask about the total MB to download and will require our answer, in this case we will write Y and press ENTER:
 
    Do you want to start the upgrade?
 
    5 packages are going to be removed. 69 new packages are going to be
 
    installed. 234 packages are going to be upgraded.
 
    You have to download a total of 158 M. This download will take about
 
    1 minute with your connection.
 
    Installing the upgrade can take several hours. Once the download has
 
    finished, the process cannot be canceled.
 
    Continue [yN]  Details [d]y
 
 
During the proccess, have questions like this or others, we need to take careful and '''select the default answer''', so only need to press ENTER all time:
 
    Configuration file `/etc/sysctl.conf'
 
    ==> Modified (by you or by a script) since installation.
 
    ==> Package distributor has shipped an updated version.
 
    What would you like to do about it ?  Your options are:
 
    Y or I  : install the package maintainer's version
 
    N or O  : keep your currently-installed version
 
      D    : show the differences between the versions
 
      Z    : start a shell to examine the situation
 
    The default action is to keep your current version.
 
    *** sysctl.conf (Y/I/N/O/D/Z) [default=N] ?
 
 
During the proccess will have questions prompt about delete packages, again '''select the dafult option''':
 
    Remove obsolete packages?
 
    18 packages are going to be removed.
 
    Continue [yN]  Details [d]y
 
 
And after a while, the final and good message, reboot time:
 
System upgrade is complete.
 
    Restart required
 
    To finish the upgrade, a restart is required.
 
    If you select 'y' the system will be restarted.
 
    Continue [yN] y
 
==Update Zimbra 8.0.8 with Ubuntu 12.04 package==
 
The first step is download now the correct version for our new OS, Ubuntu 14.04 LTS:
 
    [http://www.zimbra.com/downloads/os-downloads.html]Open Source Edition Download
 
    [http://www.zimbra.com/downloads/ne-downloads.html]Network Edition Download
 
Go into a root session and download the new version package:
 
    root@zimbralab03:~# wget http://files2.zimbra.com/downloads/8.0.8_GA/zcs-8.0.8_GA_6184.UBUNTU12_64.20140925165850.tgz
 
    --2014-10-25 01:40:19--  http://files2.zimbra.com/downloads/8.0.8_GA/zcs-8.0.8_GA_6184.UBUNTU12_64.20140925165850.tgz
 
    Resolving files2.zimbra.com (files2.zimbra.com)... 54.230.10.252, 54.230.10.250, 54.230.9.119, ...
 
    Connecting to files2.zimbra.com (files2.zimbra.com)|54.230.10.252|:80... connected.
 
    HTTP request sent, awaiting response... 200 OK
 
    Length: 887979105 (847M) [binary/octet-stream]
 
    Saving to: `zcs-8.0.8_GA_6184.UBUNTU12_64.20140925165850.tgz'
 
    100%[=============================================================================================================================>] 887,979,105 12.1M/s  in 44s
 
Once downloaded the package, extract it:
 
    root@zimbralab03:~# tar xzvf zcs-8.0.8_GA_6184.UBUNTU12_64.20140925165850.tgz
 
Before launch the Zimbra installation, need to install some new depencies for Ubuntu 12.04
 
    root@zimbralab03:~/zcs-8.0.8_GA_6184.UBUNTU12_64.20140925165850# apt-get install libgmp3c2 libperl5.14
 
Now launch the installation process with the -s flag option (Software only installation)
 
    root@zimbralab03:~/zcs-8.0.8_GA_6184.UBUNTU12_64.20140925165850#./install.sh -s
 
Select yes in the 2 questions about the Software License:
 
    Do you agree with the terms of the software license agreement? [N] y
 
'''Important!''' In the next step please skip it, will launch the database integrity check later:
 
    Do you want to verify message store database integrity? [Y]
 
Select Yes to this question
 
    Do you wish to upgrade? [Y]
 
Select yes to this question
 
    The system will be modified.  Continue? [N] y
 
When have this message, means that the install.sh -s finished
 
    Restoring existing configuration file from /opt/zimbra/.saveconfig/localconfig.xml...done
 
    Software Installation complete!
 
    Operations logged to /tmp/install.log.3954
 
    Run /opt/zimbra/libexec/zmsetup.pl to configure the system
 
Now launch the install.sh script, but this time '''without the -s''' option
 
    root@zimbralab03:~/zcs-8.0.8_GA_6184.UBUNTU12_64.20140925165850# ./install.sh
 
Operations logged to /tmp/install.log.13242
 
The Zimbra install process will check about the packages.
 
    Checking for existing installation...
 
    zimbra-ldap...FOUND zimbra-ldap-8.0.8.GA.6184.UBUNTU12.64
 
    zimbra-logger...FOUND zimbra-logger-8.0.8.GA.6184.UBUNTU12.64
 
    zimbra-mta...FOUND zimbra-mta-8.0.8.GA.6184.UBUNTU12.64
 
    zimbra-snmp...FOUND zimbra-snmp-8.0.8.GA.6184.UBUNTU12.64
 
    zimbra-store...FOUND zimbra-store-8.0.8.GA.6184.UBUNTU12.64
 
    zimbra-apache...FOUND zimbra-apache-8.0.8.GA.6184.UBUNTU12.64
 
    zimbra-spell...FOUND zimbra-spell-8.0.8.GA.6184.UBUNTU12.64
 
    zimbra-convertd...NOT FOUND
 
    zimbra-memcached...NOT FOUND
 
    zimbra-proxy...NOT FOUND
 
    zimbra-archiving...NOT FOUND
 
    zimbra-cluster...NOT FOUND
 
    zimbra-core...FOUND zimbra-core-8.0.8.GA.6184.UBUNTU12.64
 
    ZCS upgrade from 8.0.8 to 8.0.8 will be performed.
 
Answer yes to the 2 questons about the Software License
 
    Do you agree with the terms of the software license agreement? [N] y
 
The process will check about the prerequisites
 
    Checking for prerequisites...
 
    FOUND: NPTL
 
    FOUND: netcat-openbsd-1.89-4ubuntu1
 
    FOUND: sudo-1.8.3p1-1ubuntu3.6
 
    FOUND: libidn11-1.23-2
 
    FOUND: libpcre3-8.12-4
 
    FOUND: libgmp3c2-2:4.3.2+dfsg-2ubuntu1
 
    FOUND: libexpat1-2.0.1-7.2ubuntu1.1
 
    FOUND: libstdc++6-4.6.3-1ubuntu5
 
    FOUND: libperl5.14-5.14.2-6ubuntu2.4
 
    FOUND: libaio1-0.3.109-2ubuntu1
 
 
    Checking for suggested prerequisites...
 
    FOUND: pax
 
    FOUND: perl-5.14.2
 
    FOUND: sysstat
 
    FOUND: sqlite3
 
    Prerequisite check complete.
 
And now, we can run without problem the Database integrity, is a good practice do it before Upgrade Zimbra packages from Ubuntu 10.04 to Ubuntu 12.04
 
    Checking current number of databases...
 
    Do you want to verify message store database integrity? [Y]
 
    Verifying integrity of message store databases.  This may take a while.
 
    Starting mysqld...done.
 
    mysqld is alive
 
    No errors found
 
    mysqld is alive
 
    Stopping mysqld... done.
 
The process will ask about if continues, press yes
 
    The Zimbra Collaboration Server appears already to be installed.
 
    It can be upgraded with no effect on existing accounts,
 
    or the current installation can be completely removed prior
 
    to installation for a clean install.
 
    Do you wish to upgrade? [Y]
 
Select the packages that you want to install, in this example, without the memcached and proxy packages
 
    Select the packages to install
 
    Upgrading zimbra-core
 
    Upgrading zimbra-ldap
 
    Upgrading zimbra-logger
 
    Upgrading zimbra-mta
 
    Upgrading zimbra-snmp
 
    Upgrading zimbra-store
 
    Upgrading zimbra-apache
 
    Upgrading zimbra-spell
 
    Install zimbra-memcached [N]
 
    Install zimbra-proxy [N]
 
    Checking required space for zimbra-core
 
    Checking space for zimbra-store
 
The last question before start the installation process
 
    The system will be modified.  Continue? [N] y
 
And the process will start
 
    Shutting down zimbra mail
 
 
    Backing up the ldap database...done.
 
 
    Removing existing packages
 
 
    zimbra-ldap...done
 
    zimbra-logger...done
 
    zimbra-mta...done
 
    zimbra-snmp...done
 
    zimbra-store...done
 
    zimbra-spell...done
 
    zimbra-apache...done
 
    zimbra-core...done
 
 
    Removing deployed webapp directories
 
    Installing packages
 
 
    zimbra-core......zimbra-core_8.0.8.GA.6184.UBUNTU12.64_amd64.deb...done
 
    zimbra-ldap......zimbra-ldap_8.0.8.GA.6184.UBUNTU12.64_amd64.deb...done
 
    zimbra-logger......zimbra-logger_8.0.8.GA.6184.UBUNTU12.64_amd64.deb...done
 
    zimbra-mta......zimbra-mta_8.0.8.GA.6184.UBUNTU12.64_amd64.deb...done
 
    zimbra-snmp......zimbra-snmp_8.0.8.GA.6184.UBUNTU12.64_amd64.deb...done
 
    zimbra-store......zimbra-store_8.0.8.GA.6184.UBUNTU12.64_amd64.deb...done
 
    zimbra-apache......zimbra-apache_8.0.8.GA.6184.UBUNTU12.64_amd64.deb...done
 
    zimbra-spell......zimbra-spell_8.0.8.GA.6184.UBUNTU12.64_amd64.deb...done
 
 
The system will start to update, we can see all the progress in interactive way
 
<pre>Restoring existing configuration file from /opt/zimbra/.saveconfig/localconfig.xml...done
 
Operations logged to /tmp/zmsetup.10252014-014753.log
 
Running zmldapapplyldif...done.
 
Checking ldap status....not running.
 
Starting ldap...done.
 
Setting defaults...done.
 
Setting defaults from existing config...done.
 
Checking for port conflicts
 
Setting defaults from ldap...done.
 
Saving config in /opt/zimbra/config.23712...done.
 
Operations logged to /tmp/zmsetup.10252014-014753.log
 
Setting local config values...done.
 
Initializing core config...Setting up CA...done.
 
Deploying CA to /opt/zimbra/conf/ca ...done.
 
Setting replication password...done.
 
Setting Postfix password...done.
 
Setting amavis password...done.
 
Setting nginx password...done.
 
Creating server entry for zimbralab03.zimbra.lab...already exists.
 
Setting Zimbra IP Mode...done.
 
Saving CA in ldap ...done.
 
Saving SSL Certificate in ldap ...done.
 
Setting spell check URL...done.
 
[...]
 
Updating non-standard zimlets...
 
Finished updating non-standard zimlets.
 
Restarting mailboxd...done.
 
Skipping creation of default domain GAL sync account - existing install detected.
 
</pre>
 
In the end of the Installation, the wizard will ask us about Notify Zimbra, is always appreciated and good idea if we can do it:
 
<pre>You have the option of notifying Zimbra of your installation.
 
    This helps us to track the uptake of the Zimbra Collaboration Server.
 
    The only information that will be transmitted is:
 
The VERSION of zcs installed (8.0.8_GA_6184_UBUNTU12_64)
 
The ADMIN EMAIL ADDRESS created (admin@zimbralab03.zimbra.lab)
 
 
    Notify Zimbra of your installation? [Yes] yes
 
    Setting up zimbra crontab...done.
 
</pre>
 
And now we will have Zimbra 8.0.8 and Ubuntu 12.04 working together. We can check all the log here:
 
    Moving /tmp/zmsetup.10252014-014753.log to /opt/zimbra/log
 
    Configuration complete - press return to exit
 
 
=Upgrade Zimbra Collaboration 8.0.7 to 8.5.0 - Ubuntu 12.04=
 
==Verifying the expiration date of the SSL Certificate==
 
Zimbra Collaboration requires always, at least, a Self-Signed SSL Certificate for do the communication between the different components. The Self-Signed SSL certificate is auto-deployed once we install Zimbra Collaboration.
 
 
Is highly recommend check the SSL Certificate expiration's date, with the next command:
 
<pre>/opt/zimbra/bin/zmcertmgr viewdeployedcrt</pre>
 
If the date is near to expires, is extremely recommended re-generate the Self-Signed SSL Certificate before do the Upgrade:
 
<pre>root@help:/opt/zimbra/ssl/zimbra# /opt/zimbra/bin/zmcertmgr createca -new
 
root@help:/opt/zimbra/ssl/zimbra# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
 
root@help:/opt/zimbra/ssl/zimbra# /opt/zimbra/bin/zmcertmgr deploycrt self
 
</pre>
 
== Upgrade Instructions ==
 
The first thing that need to to, is download the proper Zimbra Collaboration Version, in this case for Ubuntu 12.04 LTS:
 
    [http://www.zimbra.com/downloads/os-downloads.html]Open Source Edition Downloads
 
    [http://www.zimbra.com/downloads/ne-downloads.html]Network Edition Downloads
 
 
Like root user, in this case /tmp, download the package to this folder:
 
<pre>    root@help:/tmp# wget http://files2.zimbra.com/downloads/8.5.0_GA/zcs-8.5.0_GA_3040.UBUNTU12_64.20140816142548.tgz
 
    HTTP request sent, awaiting response… 200 OK
 
    Length: 964955796 (920M) [binary/octet-stream]
 
    Saving to: `zcs-8.5.0_GA_3040.UBUNTU12_64.20140816142548.tgz’
 
 
    100%[=============================================================================================================================>] 964,955,796 3.11M/s  in 5m 33s
 
 
    2014-10-08 13:47:52 (2.76 MB/s) – `zcs-8.5.0_GA_3040.UBUNTU12_64.20140816142548.tgz’ saved [964955796/964955796]
 
    root@help:/tmp#</pre>
 
 
Once we've download it, is time to extract the file:
 
<pre>    root@help:/tmp# tar xzvf zcs-8.5.0_GA_3040.UBUNTU12_64.20140816142548.tgz </pre>
 
The extract may take some time, depends on which Storage we are working. Before continue with the Upgrade, we need to install a new depedency for Zimbra 8.5, the dependency is unzip:
 
<pre>    root@help:/tmp/zcs-8.5.0_GA_3040.UBUNTU12_64.20140816142548# apt-get install unzip</pre>
 
 
Now we can continue with the Upgrade, is time to execute the '''install.sh''' script:
 
<pre>    root@help:/tmp/zcs-8.5.0_GA_3040.UBUNTU12_64.20140816142548# ./install.sh
 
    Operations logged to /tmp/install.log.895
 
    Checking for existing installation…
 
    zimbra-ldap…FOUND zimbra-ldap-8.0.7.GA.6020.UBUNTU12.64
 
    zimbra-logger…FOUND zimbra-logger-8.0.7.GA.6020.UBUNTU12.64
 
    zimbra-mta…FOUND zimbra-mta-8.0.7.GA.6020.UBUNTU12.64
 
    zimbra-dnscache…NOT FOUND
 
    zimbra-snmp…FOUND zimbra-snmp-8.0.7.GA.6020.UBUNTU12.64
 
    zimbra-store…FOUND zimbra-store-8.0.7.GA.6020.UBUNTU12.64
 
    zimbra-apache…FOUND zimbra-apache-8.0.7.GA.6020.UBUNTU12.64
 
    zimbra-spell…FOUND zimbra-spell-8.0.7.GA.6020.UBUNTU12.64
 
    zimbra-convertd…NOT FOUND
 
    zimbra-memcached…NOT FOUND
 
    zimbra-proxy…NOT FOUND
 
    zimbra-archiving…NOT FOUND
 
    zimbra-cluster…NOT FOUND
 
    zimbra-core…FOUND zimbra-core-8.0.7.GA.6020.UBUNTU12.64
 
    ZCS upgrade from 8.0.7 to 8.5.0 will be performed.
 
 
Saving existing configuration file to /opt/zimbra/.saveconfig
 
</pre>
 
Once we pass all the checks, without errors, we can see the new '''EULA''', we will write '''Yes or press ENTER''' in the end, default option:
 
<pre>
 
    PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
 
    ZIMBRA, INC. (“ZIMBRA”) WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
 
    FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
 
    THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
 
    THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
 
    AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
 
    License Terms for the Zimbra Collaboration Suite:
 
 
    http://www.zimbra.com/license/zimbra-public-eula-2-5.html
 
 
    Do you agree with the terms of the software license agreement? [N] y
 
</pre>
 
Now Zimbra Collaboration will check all of the Zimbra Collaboration prerequisites:
 
<pre>
 
    Checking for prerequisites…
 
    FOUND: NPTL
 
    FOUND: netcat-openbsd-1.89-4ubuntu1
 
    FOUND: sudo-1.8.3p1-1ubuntu3.4
 
    FOUND: libidn11-1.23-2
 
    FOUND: libpcre3-8.12-4
 
    FOUND: libgmp3c2-2:4.3.2+dfsg-2ubuntu1
 
    FOUND: libexpat1-2.0.1-7.2ubuntu1.1
 
    FOUND: libstdc++6-4.6.3-1ubuntu5
 
    FOUND: libperl5.14-5.14.2-6ubuntu2.4
 
    FOUND: libaio1-0.3.109-2ubuntu1
 
    FOUND: resolvconf-1.63ubuntu16
 
    FOUND: unzip-6.0-4ubuntu2
 
 
    Checking for suggested prerequisites…
 
    FOUND: pax
 
    FOUND: perl-5.14.2
 
    FOUND: sysstat
 
    FOUND: sqlite3
 
    Prerequisite check complete.
 
    Checking current number of databases…
 
</pre>
 
We always recommend do the Database Integrity Check. We can take some minutes, sometimes hours, depends of the size and the number of errors, in case that we have, keep calm:
 
<pre>
 
    Do you want to verify message store database integrity? [Y]
 
    Verifying integrity of message store databases.  This may take a while.
 
    Starting mysqld…done.
 
    mysqld is alive
 
    No errors found
 
    mysqld is alive
 
    Stopping mysqld… done.
 
</pre>
 
In this step we can add some additional packages in case that we want it, in this case, we will not select any new package:
 
<pre>
 
    Checking for installable packages
 
 
    Found zimbra-core
 
    Found zimbra-ldap
 
    Found zimbra-logger
 
    Found zimbra-mta
 
    Found zimbra-dnscache
 
    Found zimbra-snmp
 
    Found zimbra-store
 
    Found zimbra-apache
 
    Found zimbra-spell
 
    Found zimbra-memcached
 
    Found zimbra-proxy
 
</pre>
 
If we are totally sure that everything is allright, and we can continue with the Upgrade, then we need to select '''Yes'''.
 
<pre>
 
    The Zimbra Collaboration Server appears already to be installed.
 
    It can be upgraded with no effect on existing accounts,
 
    or the current installation can be completely removed prior
 
    to installation for a clean install.
 
 
    Do you wish to upgrade? [Y]
 
 
    Select the packages to install
 
    Upgrading zimbra-core
 
    Upgrading zimbra-ldap
 
    Upgrading zimbra-logger
 
    Upgrading zimbra-mta
 
 
    Install zimbra-dnscache [N]
 
    Upgrading zimbra-snmp
 
    Upgrading zimbra-store
 
    Upgrading zimbra-apache
 
    Upgrading zimbra-spell
 
 
    Install zimbra-memcached [N]
 
 
    Install zimbra-proxy [N]
 
    Checking required space for zimbra-core
 
    Checking space for zimbra-store
 
    Checking required packages for zimbra-store
 
    zimbra-store package check complete.
 
 
    Installing:
 
    zimbra-core
 
    zimbra-ldap
 
    zimbra-logger
 
    zimbra-mta
 
    zimbra-snmp
 
    zimbra-store
 
    zimbra-apache
 
    zimbra-spell
 
</pre>
 
Once again, Zimbra do double check, and if we are complete sure that we want to upgrade, please write Y for continue with the process:
 
<pre>
 
    The system will be modified.  Continue? [N] y
 
    Shutting down zimbra mail
 
    Backing up the ldap database…done.
 
    Removing existing packages
 
    zimbra-ldap…done
 
    zimbra-logger…done
 
    zimbra-mta…done
 
    zimbra-snmp…done
 
    zimbra-store…done
 
    zimbra-spell…done
 
    zimbra-apache…done
 
    zimbra-core…done
 
 
Removing deployed webapp directories
 
Installing packages
 
 
zimbra-core……zimbra-core_8.5.0.GA.3040.UBUNTU12.64_amd64.deb…done
 
zimbra-ldap……zimbra-ldap_8.5.0.GA.3040.UBUNTU12.64_amd64.deb…done
 
zimbra-logger……zimbra-logger_8.5.0.GA.3040.UBUNTU12.64_amd64.deb…done
 
zimbra-mta……zimbra-mta_8.5.0.GA.3040.UBUNTU12.64_amd64.deb…done
 
zimbra-snmp……zimbra-snmp_8.5.0.GA.3040.UBUNTU12.64_amd64.deb…done
 
zimbra-store……zimbra-store_8.5.0.GA.3040.UBUNTU12.64_amd64.deb…done
 
zimbra-apache……zimbra-apache_8.5.0.GA.3040.UBUNTU12.64_amd64.deb…done
 
zimbra-spell……zimbra-spell_8.5.0.GA.3040.UBUNTU12.64_amd64.deb…done
 
</pre>
 
Zimbra Collaboration starts to upgrading, also the LDAP, etc, we can follow all the process in interactive way:
 
<pre>
 
    Upgrading from 8.0.7_GA_6020 to 8.5.0_GA_3040
 
    Stopping zimbra services…done.
 
    This appears to be 8.0.7_GA
 
    Starting mysql…done.
 
    Checking ldap status…not running.
 
    Checking ldap status…not running.
 
    Starting ldap…done.
 
    Checking ldap status…already running.
 
    Running mysql_upgrade…done.
 
    Schema upgrade required from version 92 to 103.
 
    Running /opt/zimbra/libexec/scripts/migrate20130226_alwayson.pl
 
    Tue Aug 26 18:59:38 2014: Verified schema version 92.
 
    Tue Aug 26 18:59:39 2014: Verified schema version 92.
 
    Tue Aug 26 18:59:39 2014: Updating DB schema version from 92 to 100.
 
    Running /opt/zimbra/libexec/scripts/migrate20140319-MailItemPrevFolders.pl
 
    Tue Aug 26 18:59:42 2014: Verified schema version 100.
 
    Tue Aug 26 18:59:43 2014: Migrating mboxgroup1.  This can take a substantial amount of time…
 
    Tue Aug 26 18:59:44 2014: done.
 
</pre>
 
Near the end, we can see from which Versions we can upgrade, just info:
 
<pre>
 
    Stopping mysql…done.
 
    Updating from 8.0.8_GA
 
    Updating from 8.5.0_BETA1
 
    Updating from 8.5.0_BETA2
 
    Updating from 8.5.0_BETA3
 
    Updating from 8.5.0_GA
 
    Updating global config and COS’s with attributes introduced after 8.0.7_GA…done.
 
    Stopping ldap…done.
 
    Upgrade complete.
 
</pre>
 
In the end of the Installation, the wizard will ask us about Notify Zimbra, is always appreciated and good idea if we can do it.
 
<pre>
 
    You have the option of notifying Zimbra of your installation.
 
    This helps us to track the uptake of the Zimbra Collaboration Server.
 
    The only information that will be transmitted is:
 
    The VERSION of zcs installed (8.5.0_GA_3040_UBUNTU12_64)
 
    The ADMIN EMAIL ADDRESS created (admin@YYYYYIIII.es)
 
    Notify Zimbra of your installation? [Yes] yes
 
</pre>
 
The last message is the pat to the Log file if we can check or save our process:
 
<pre>
 
    Moving /tmp/zmsetup08262014-185850.log to /opt/zimbra/log
 
    Configuration complete – press return to exit
 
</pre>
 
=Upgrade Ubuntu 12.04 to Ubuntu 14.04 and update ZCS 8.5.0=
 
{{note}} Is very important before continue with this process, take a Snapshot or do a Full Backup of your System.
 
==Stopping the Zimbra Collaboration Services==
 
The first step in this Upgrade guide is stop our Zimbra Collaboration Services:
 
<pre>
 
    zimbra@help:/home/# zmcontrol stop
 
</pre>
 
Once we have stopped the Zimbra Collaboration services and we have a full Backup or Snapshot, we can continue.
 
==Upgrading the Ubuntu Version ==
 
For Upgrade the Ubuntu version, in root session we will execute this command:
 
<pre>
 
    root@help:/home/# do-release-upgrade
 
</pre>
 
This process will start and do some previous questions, for example it will ask us about create an alternate SSH daemon, just in case if we lose the actual SSH connection:
 
<pre>
 
    Continue running under SSH?
 
    This session appears to be running under ssh. It is not recommended
 
    to perform a upgrade over ssh currently because in case of failure it
 
    is harder to recover.
 
    If you continue, an additional ssh daemon will be started at port
 
    ‘1022’.
 
    Do you want to continue?
 
    Continue [yN] y
 
    Starting additional sshd
 
    To make recovery in case of failure easier, an additional sshd will
 
    be started on port ‘1022’. If anything goes wrong with the running
 
    ssh you can still connect to the additional one.
 
    If you run a firewall, you may need to temporarily open this port. As
 
    this is potentially dangerous it’s not done automatically. You can
 
    open the port with e.g.:
 
    ‘iptables -I INPUT -p tcp –dport 1022 -j ACCEPT’
 
    To continue please press [ENTER]
 
</pre>
 
After a while checking packages, the wizard will ask about the total MB to download and will require our answer, in this case we will write '''Y''' and press '''ENTER''':
 
<pre>
 
    Do you want to start the upgrade?
 
    2 packages are going to be removed. 113 new packages are going to be
 
    installed. 380 packages are going to be upgraded.
 
    You have to download a total of 216 M. This download will take about
 
    5 minutes with your connection.
 
    Installing the upgrade can take several hours. Once the download has
 
    finished, the process cannot be canceled.
 
    Continue [yN]  Details [d]y
 
</pre>
 
The Wizard will ask us during the process some questions with Yes or No for answer it, we will let the default Answer:
 
<pre>
 
    Unpacking replacement libc6 …
 
    Processing triggers for ureadahead …
 
    Processing triggers for man-db …
 
    Setting up libc6 (2.19-0ubuntu6.1) …
 
    Generating locales…
 
    en_AG.UTF-8… done
 
    en_AU.UTF-8… done
 
    en_BW.UTF-8… done
 
    en_CA.UTF-8… done
 
    en_DK.UTF-8… done
 
    en_GB.UTF-8… done
 
    en_HK.UTF-8… done
 
    en_IE.UTF-8… done
 
    en_IN.UTF-8… done
 
    en_NG.UTF-8… done
 
    en_NZ.UTF-8… done
 
    en_PH.UTF-8… done
 
    en_SG.UTF-8… done
 
    en_US.UTF-8… done
 
    en_ZA.UTF-8… done
 
    en_ZM.UTF-8… done
 
    en_ZW.UTF-8… done
 
    Generation complete.
 
</pre>
 
We will have questions like this, we need to take careful and select the default answer, so we only need to press ENTER all time:
 
<pre>
 
    Configuration file `/etc/security/limits.conf’
 
    ==> Modified (by you or by a script) since installation.
 
    ==> Package distributor has shipped an updated version.
 
    What would you like to do about it ?  Your options are:
 
    Y or I  : install the package maintainer’s version
 
    N or O  : keep your currently-installed version
 
    D    : show the differences between the versions
 
    Z    : start a shell to examine the situation
 
    The default action is to keep your current version.
 
    *** limits.conf (Y/I/N/O/D/Z) [default=N] ?
 
</pre>
 
Also, we will have questions prompt us about delete packages, again we will select the dafult answer:
 
<pre>
 
    Remove obsolete packages?
 
    22 packages are going to be removed.
 
    Continue [yN]  Details [d]y
 
</pre>
 
And after a while, the final and good message, reboot time:
 
<pre>
 
    System upgrade is complete.
 
    Restart required
 
    To finish the upgrade, a restart is required.
 
    If you select ‘y’ the system will be restarted.
 
    Continue [yN] y
 
</pre>
 
Once we do a reboot, we will have Ubuntu 14.04 LTS running in our System:
 
<pre>
 
    Distributor ID: Ubuntu
 
    Description:    Ubuntu 14.04.1 LTS
 
    Release:        14.04
 
    Codename:      trusty
 
</pre>
 
==Update Zimbra 8.5.0 with Ubuntu 14.04 package==
 
The first step is download now the correct version for our new OS, Ubuntu 14.04 LTS:
 
    [http://www.zimbra.com/downloads/os-downloads.html]Open Source Edition Download
 
    [http://www.zimbra.com/downloads/ne-downloads.html]Network Edition Download
 
Go into a root session and download the new version package, in this example I will use the '''/home''' folder:
 
<pre>
 
    root@help:/home# wget http://files2.zimbra.com/downloads/8.5.0_GA/zcs-8.5.0_GA_3040.UBUNTU14_64.20140816142548.tgz
 
    HTTP request sent, awaiting response… 200 OK
 
    Length: 964955796 (920M) [binary/octet-stream]
 
    Saving to: `zcs-8.5.0_GA_3040.UBUNTU14_64.20140816142548.tgz’
 
 
    100%[=============================================================================================================================>] 964,955,796 3.11M/s  in 5m 33s
 
 
    2014-10-08 14:47:52 (2.76 MB/s) – `zcs-8.5.0_GA_3040.UBUNTU14_64.20140816142548.tgz’ saved [964955796/964955796]
 
    root@help:/home#
 
<pre>
 
Once we've downloaded the package, is time for extract it:
 
<pre>
 
    root@help:/home/# tar xzvf zcs-8.5.0_GA_3040.UBUNTU14_64.20140816142548.tgz
 
</pre>
 
We need to install also a new dependency, perl5.18, if not we will obtain an error during the install process:
 
<pre>
 
    root@help:/home# apt-get install libperl5.18
 
</pre>
 
And now, we are ready to launch the '''install.sh''' script:
 
<pre>
 
    Operations logged to /tmp/install.log.1821
 
    Checking for existing installation…
 
    zimbra-ldap…FOUND zimbra-ldap-8.5.0.GA.3040.UBUNTU12.64
 
    zimbra-logger…FOUND zimbra-logger-8.5.0.GA.3040.UBUNTU12.64
 
    zimbra-mta…FOUND zimbra-mta-8.5.0.GA.3040.UBUNTU12.64
 
    zimbra-dnscache…NOT FOUND
 
    zimbra-snmp…FOUND zimbra-snmp-8.5.0.GA.3040.UBUNTU12.64
 
    zimbra-store…FOUND zimbra-store-8.5.0.GA.3040.UBUNTU12.64
 
    zimbra-apache…FOUND zimbra-apache-8.5.0.GA.3040.UBUNTU12.64
 
    zimbra-spell…FOUND zimbra-spell-8.5.0.GA.3040.UBUNTU12.64
 
    zimbra-convertd…NOT FOUND
 
    zimbra-memcached…NOT FOUND
 
    zimbra-proxy…NOT FOUND
 
    zimbra-archiving…NOT FOUND
 
    zimbra-cluster…NOT FOUND
 
    zimbra-core…FOUND zimbra-core-8.5.0.GA.3040.UBUNTU12.64
 
    ZCS upgrade from 8.5.0 to 8.5.0 will be performed.
 
 
    Saving existing configuration file to /opt/zimbra/.saveconfig
 
</pre>
 
Once the wizard complete the check, we can see the EULA, we need to write '''Y''' and press '''ENTER''':
 
<pre>
 
    PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
 
    ZIMBRA, INC. (“ZIMBRA”) WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
 
    FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
 
    THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
 
    THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
 
    AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
 
 
License Terms for the Zimbra Collaboration Suite:
 
 
http://www.zimbra.com/license/zimbra-public-eula-2-5.html
 
 
Do you agree with the terms of the software license agreement? [N] y
 
</pre>
 
Is time now for check if all the prerequisites are installed already:
 
<pre>
 
    Checking for prerequisites…
 
    FOUND: NPTL
 
    FOUND: netcat-openbsd-1.105-7ubuntu1
 
    FOUND: sudo-1.8.9p5-1ubuntu1
 
    FOUND: libidn11-1.28-1ubuntu2
 
    FOUND: libpcre3-1:8.31-2ubuntu2
 
    FOUND: libgmp10-2:5.1.3+dfsg-1ubuntu1
 
    FOUND: libexpat1-2.1.0-4ubuntu1
 
    FOUND: libstdc++6-4.8.2-19ubuntu1
 
    FOUND: libperl5.18-5.18.2-2ubuntu1
 
    FOUND: libaio1-0.3.109-4
 
    FOUND: resolvconf-1.69ubuntu1.1
 
    FOUND: unzip-6.0-9ubuntu1
 
 
Checking for suggested prerequisites…
 
FOUND: pax
 
FOUND: perl-5.18.2
 
FOUND: sysstat
 
FOUND: sqlite3
 
Prerequisite check complete.
 
</pre>
 
We can run again the Database Integrity Check, it will takes some minutes or hours, depends of the size of it and also if the system found some errors:
 
<pre>
 
    Checking current number of databases
 
    Do you want to verify message store database integrity? [Y] y
 
</pre>
 
Once again, we can add some new packages to our system, but the regular way is not install any new package during this Upgrade time:
 
<pre>Checking for installable packages
 
 
    Found zimbra-core
 
    Found zimbra-ldap
 
    Found zimbra-logger
 
    Found zimbra-mta
 
    Found zimbra-dnscache
 
    Found zimbra-snmp
 
    Found zimbra-store
 
    Found zimbra-apache
 
    Found zimbra-spell
 
    Found zimbra-memcached
 
    Found zimbra-proxy
 
 
The Zimbra Collaboration Server appears already to be installed.
 
It can be upgraded with no effect on existing accounts,
 
or the current installation can be completely removed prior
 
to installation for a clean install.
 
</pre>
 
The wizard will ask us if we are sure that we want to Upgrade, per default is Y we only need to press ENTER,also here we can add the additional packages if we want:
 
<pre>
 
    Do you wish to upgrade? [Y]
 
 
    Select the packages to install
 
    Upgrading zimbra-core
 
    Upgrading zimbra-ldap
 
    Upgrading zimbra-logger
 
    Upgrading zimbra-mta
 
 
    Install zimbra-dnscache [N]
 
    Upgrading zimbra-snmp
 
    Upgrading zimbra-store
 
    Upgrading zimbra-apache
 
    Upgrading zimbra-spell
 
 
    Install zimbra-memcached [N]
 
 
    Install zimbra-proxy [N]
 
    Checking required space for zimbra-core
 
    Checking space for zimbra-store
 
    Checking required packages for zimbra-store
 
    zimbra-store package check complete.
 
 
    Installing:
 
    zimbra-core
 
    zimbra-ldap
 
    zimbra-logger
 
    zimbra-mta
 
    zimbra-snmp
 
    zimbra-store
 
    zimbra-apache
 
    zimbra-spell
 
</pre>
 
The double check of zimbra will ask us again if we are really sure that we want to Upgrade the Zimbra Collaboration System:
 
<pre>
 
    The system will be modified.  Continue? [N] y
 
    Shutting down zimbra mail
 
    Backing up the ldap database…done.
 
    Removing existing packages
 
    zimbra-ldap…done
 
    zimbra-logger…done
 
    zimbra-mta…done
 
    zimbra-snmp…done
 
    zimbra-store…done
 
    zimbra-spell…done
 
    zimbra-apache…done
 
    zimbra-core…done
 
    Removing deployed webapp directories
 
    Installing packages
 
    zimbra-core……zimbra-core_8.5.0.GA.3040.UBUNTU14.64_amd64.deb…done
 
    zimbra-ldap……zimbra-ldap_8.5.0.GA.3040.UBUNTU14.64_amd64.deb…done
 
    zimbra-logger……zimbra-logger_8.5.0.GA.3040.UBUNTU14.64_amd64.deb…done
 
    zimbra-mta……zimbra-mta_8.5.0.GA.3040.UBUNTU14.64_amd64.deb…done
 
    zimbra-snmp……zimbra-snmp_8.5.0.GA.3040.UBUNTU14.64_amd64.deb…done
 
    zimbra-store……zimbra-store_8.5.0.GA.3040.UBUNTU14.64_amd64.deb…done
 
    zimbra-apache……zimbra-apache_8.5.0.GA.3040.UBUNTU14.64_amd64.deb…done
 
    zimbra-spell……zimbra-spell_8.5.0.GA.3040.UBUNTU14.64_amd64.deb…done
 
</pre>
 
The system will start to update, we can see all the progress in interactive way:
 
<pre>
 
    Restoring existing configuration file from /opt/zimbra/.saveconfig/localconfig.xml…done
 
    Operations logged to /tmp/zmsetup08272014-130758.log
 
    Checking ldap status….not running.
 
    Starting ldap…done.
 
    Setting defaults…done.
 
    Setting defaults from existing config…done.
 
    Checking for port conflicts
 
    Setting defaults from ldap…done.
 
    Saving config in /opt/zimbra/config.12706…done.
 
    Operations logged to /tmp/zmsetup08272014-130758.log
 
    Setting local config values…done.
 
    Initializing core config…Setting up CA…done.
 
    Deploying CA to /opt/zimbra/conf/ca …done.
 
    Setting replication password…done.
 
    Setting Postfix password…done.
 
    Setting amavis password…done.
 
    Setting nginx password…done.
 
    Creating server entry for help.zimbra.com…already exists.
 
    Setting Zimbra IP Mode…done.
 
    Saving CA in ldap …done.
 
    Saving SSL Certificate in ldap …done.
 
    Setting spell check URL…done.
 
    [...]
 
    Finished updating non-standard zimlets.
 
    Restarting mailboxd…done.
 
    Skipping creation of default domain GAL sync account – existing install detected.
 
</pre>
 
In the end of the Installation, the wizard will ask us about Notify Zimbra, is always appreciated and good idea if we can do it:
 
<pre>
 
    You have the option of notifying Zimbra of your installation.
 
    This helps us to track the uptake of the Zimbra Collaboration Server.
 
    The only information that will be transmitted is:
 
    The VERSION of zcs installed (8.5.0_GA_3040_UBUNTU14_64)
 
    The ADMIN EMAIL ADDRESS created (admin@help.zimbra.com)
 
    Notify Zimbra of your installation? [Yes]
 
</pre>
 
And now we will have Zimbra 8.5.0 and Ubuntu 14.04 working together. We can check all the log here:
 
<pre>
 
    Setting up zimbra crontab…done.
 
    Moving /tmp/zmsetup08272014-130758.log to /opt/zimbra/log
 
    Configuration complete – press return to exit
 
</pre>
 
{|  width="100%" border="0"
 
|  bgcolor="orange" | [[Image:Attention.png]] - This article is NOT official Zimbra documentation. It is a user contribution and may include unsupported customizations, references, suggestions, or information. This Step-by-Step is not taking care about the Apache, or other kind of Software that you maybe have inside the Server. This steps are just for Upgrade Zimbra Collaboration
 
|}
 
  
 
=Zimlet LinkedIn Images=
 
=Zimlet LinkedIn Images=
==Description==
+
[[Zimlet_LinkedIn_Images|This article has been moved to the next Link]]
The Zimlet LinkedIn Images us permit merge our LinkedIn account with our contacts, and in the end have the picture of our Contacts and show it automatically in our Zimbra Web Client.
 
 
 
==Configuration==
 
The Zimlet LinkedIn Images came with the last Release of Zimbra 8.5, and it's free, we can use it in Open Source Edition and also in Network Edition. But, first, we need to modify one file and also do some stuff in LinkedIn.
 
 
 
==LinkedIn API Key==
 
For have our Zimlet working, frist we need an LinkedIn API Key, is only once and any IT Administrator in our Company can do it for free if have LinkedIn account.
 
 
 
*We need to go to [https://www.linkedin.com/secure/developer] and Login with our credentials
 
*We need to fill the fields with our Information, an example (sorry for the spanish content but my LinkedIn account is in spanish) Change my domain for yours.
 
[[File:Zimbra-linkedin-006.png]]
 
[[File:Zimbra-linkedin-007.png]]
 
 
 
Next and very important is fill the next fields with this information, like here, change my domain for yours.
 
<pre>http://localhost:7070,https://labjorge.zimbra.lab,http://host.local</pre>
 
[[File:Zimbra-linkedin-008.png]]
 
 
 
Congratulations, you will obtain your LinkedIn API KEY, Secret Key, etc. We will only need the LinkedI API KEY
 
 
 
==Configuring & Installing the Zimlet==
 
*Download the Zimlet from your own Zimbra server, you will found it in the next path:
 
<pre>/opt/zimbra/zimlets/com_zimbra_linkedinimage.zip</pre>
 
*Edit the file called com_zimbra_linkedinimage.xml and change the next variable with your own LinkedIn API KEY
 
<pre><property type="string" name="linkedinZimlet_api_key" value="LINKEDIN API KEY HERE"/></pre>
 
  
*Save all of your files in a zip called '''com_zimbra_linkedinimage.zip''' with all of the files inside, no folders, just all the files.
 
*Go to your Zimbra Collaboration Administration Console, '''Configure>Zimlets''' and select the '''LinkedIn Image Zimlet''' and '''First Toggle Status''' for disable and second '''Undeploy'''
 
[[File:Zimbra-linkedin-009.png]]
 
*Then click in the right gaf icon, and Deploy your new and fresh '''com_zimbra_linkedinimage.zip''' cooked by yourself, be sure to mark the '''checkbox for flush the zimlet cache'''
 
[[File:Zimbra-linkedin-010.png]]
 
 
==Configuring & Using in our Web Client==
 
*Well done! Is time to do F5 in your Web Browser and time to play!
 
[[File:Zimbra-linkedin-000.png]]
 
*Now the Zimlet will requires our credentials of Linkedin. For each user their credentials, the Linkedin API KEY is only generated once.
 
[[File:Zimbra-linkedin-001.png]]
 
*Next we will push in Start Scanning, and all of our Zimbra contacts that match with our LinkedIn Contacts will be updated with picture.
 
[[File:Zimbra-linkedin-002.png]]
 
*We will see the resume of the operation.
 
[[File:Zimbra-linkedin-003.png]]
 
*And if we go to any of our contacts, and also we have this contact in Linkeding we will see him/her like that:
 
[[File:Zimbra-linkedin-004.png]]
 
 
That's all
 
 
=VMware HA script in Zimbra Collaboration=
 
=VMware HA script in Zimbra Collaboration=
Zimbra introduce VMware HA scripts in Zimbra 8. This feature is only available in Network Edition, so Open Source users can't use it.
+
[[VMware_HA_script_in_Zimbra_Collaboration|This article has been moved to the next Link]]
This vmware-ha service works combine with VMware vSphere HA VM Monitoring and offer us the possibility to restart our Zimbra VM when any Zimbra service was down during the heartbeat defined time.
 
The zmhactl script starts /opt/zimbra/libexec/vmware-heartbeat, which runs as a service (continuously), and interacts with VMware HA by running /opt/zimbra/libexec/vmware-appmonitor with different arguments (so zmhactl -> vmware-heartbeat -> vmware-appmonitor -> VMware HA).
 
*A. When the vmware-heartbeat script starts, it sends a vmware-appmonitor "enable" signal
 
*B. While running it does the following on a set schedule (every 15 seconds). This is supposedly configurable with localconfig vmware_heartbeat_interval, but it doesn't look like zmhactl actually uses that.
 
**i. runs vmware-appmonitor "isEnabled" to verify that application monitoring is enabled
 
**ii. runs "zmcontrol status" and checks the return code
 
**iii. if the status is OK then it sends vmware-appmonitor "markActive"
 
*C. When vmware-heartbeat is stopped, it sends a vmware-appmonitor "disable" signal
 
 
 
==VMware vSphere HA VM Monitoring==
 
Let's go to some basic information about VMware vSphere HA VM Monitoring, [http://blogs.vmware.com/vsphere/2014/03/vsphere-ha-vm-monitoring-back-basics.html based in the official information].
 
'''What is vSphere HA VM monitoring?''' HA VM monitoring will restart a VM if:
 
*That VMs VMware Tools heartbeats are not received in a set period of time (see below for details) '''and'''
 
*The VM isn't generating any storage or network IO (for 120 seconds by default, though this can be changed using the following advanced cluster level setting: das.iostatsInterval)
 
 
 
When exactly will the VM be reset? There are 3 built in presets (Low, Medium & High) and the option to select custom settings for any of these options.
 
{| style="width:100%" border="1" cellpadding="5" cellspacing="0"
 
! style="font-weight: bold;" |
 
! style="font-weight: bold;" style="color:white;" bgcolor="#1785c2" | Failure Interval
 
! style="font-weight: bold;" style="color:white;" bgcolor="#1785c2" | Minimum uptime
 
! style="font-weight: bold;" style="color:white;" bgcolor="#1785c2" | Maximum per-VM resets
 
! style="font-weight: bold;" style="color:white;" bgcolor="#1785c2" | Maximum resets time window
 
|-
 
! align="left" style="color:white;" bgcolor="#f15a25"| Low
 
| style="text-align: center;" | 120 secs
 
| style="text-align: center;" | 480 secs
 
| style="text-align: center;" | 3
 
| style="text-align: center;" | 7 days
 
|-
 
! align="left" style="color:white;" bgcolor="#f15a25"| Medium
 
| style="text-align: center;" | 60 secs
 
| style="text-align: center;" | 240 secs
 
| style="text-align: center;" | 3
 
| style="text-align: center;" | 24 hours
 
|-
 
! align="left" style="color:white;" bgcolor="#f15a25"| High
 
| style="text-align: center;" | 30 secs
 
| style="text-align: center;" | 120 secs
 
| style="text-align: center;" | 3
 
| style="text-align: center;" | 1 hour
 
|}
 
'''What do the different options mean?'''
 
*Failure interval: HA will restart the VM if the VM heartbeat has not been received in this interval
 
*Minimum uptime: HA will wait this long after a VM is started to begin monitoring for VM tools heartbeats, storage and network IO
 
*Maximum per-VM resets: HA will restart the VM a maximum of this many times within the “Maximum resets time window”
 
*Maximum resets time window: (see “Maximum per-VM resets” above)
 
==How to activate it in Zimbra Collaboration==
 
The first step after the theory is activate it in our Zimbra different VM, we can check first if it's activated
 
    [zimbra@archiving ~]$ zmprov gs `zmhostname` zimbraServiceInstalled | grep vmware-ha
 
If not we can enable it with trough CLI
 
    [zimbra@mail ~]$ zmprov ms `zmhostname` +zimbraServiceEnabled vmware-ha
 
    [zimbra@mail ~]$ zmhactl start
 
Also we can enable it trough Admin Console '''Home>Configure>Servers''' (select the server that we want to activate the vmware-ha) and then click in '''Services>VMware HA Heartbeat'''
 
[[File:Zimbra-vmware-ha-001.PNG]]
 
==How to activate vSphere HA VM Monitoring==
 
We can follow two ways to activate it in VMware vSphere; vSphere Client or vSphere web Client.
 
===vSphere Client===
 
In our VMware vSphere Cluster and '''right-click>Edit Settings''':
 
 
 
[[File:Zimbra-vmware-ha-002.png]]
 
 
 
We need to have activated VMware vSphere HA functionality, and go to VM Monitoring, mark the option '''VM and Application Monitoring''' for be able to activate the '''Application Monitoring'''.
 
In this moment, select the best '''Monitoring sensitivity''' for your environment is out of the Scope of the Zimbra Wiki and you need to have deep understand in VMware for select the best option for your Infrastructure.
 
We are selecting the '''Low Monitoring sensitivity''', but in the VM, or VMs that we want to activate the Zimbra vmware-ha, will select '''VM Monitoring High, with Application Monitoring also''' activated.
 
[[File:Zimbra-vmware-ha-003.png]]
 
 
 
Also we can personalize and configure the best time for our Zimbra VM, if we select Custom VM Monitoring Settings.
 
 
 
[[File:Zimbra-vmware-ha-004.png]]
 
  
===vSphere web Client===
+
=Migrate from cPanel/Plesk to Zimbra Collaboration 8.0.x 8.x=
We can follow the same steps but in the new vSphere Web client, [http://blogs.vmware.com/vsphere/2014/03/vsphere-ha-vm-monitoring-back-basics.html following these steps].
+
[[Migrate_from_cPanel/Plesk_to_Zimbra_Collaboration_8.0.x_or_8.x|This article has been moved to the next Link]]
  
==Testing the Zimbra vmware-ha script==
+
{{Article Footer|Zimbra Collaboration 8.0, 7.0|01/1/2015}}
We've selected High option, is time to test it in our Zimbra VM, we will stop one Zimbra service intentionally, for test it.
 
    [zimbra@mail~]$ zmmailboxdctl stop
 
And when the time conditions happen, vSphere HA will restart the VM and we will have a Log action into our vSphere Server
 
[[File:Zimbra-vmware-ha-005.png]]
 
==Log File==
 
The Zimbra vmware-ha script log everything in the next log
 
    root@mail:/home/oper# tail -f /opt/zimbra/log/vmware-heartbeat.log
 
And the result of the Log File will be like this:
 
    Fri Oct 24 17:59:49 2014: Checking ZCS status
 
    Fri Oct 24 17:59:51 2014: Sending heartbeat to VM
 

Latest revision as of 18:16, 2 October 2015

Technical Notes

   KB 21230        Last updated on 2015-10-2  




0.00
(0 votes)


Single-Node Commercial Certificate

Some theory about SSL Certificates and words that we will use in this tutorial:

  • CSR (Certificate Signing Request): A CSR or also Certificate Signing request is a encrypted file with information about the company. This file is generated in our server, the Information that contains inside we discussed in a previous article. A Certificate authority uses this CSR for take the information and create the SSL Certificate.
  • Private Key: We told before that CSR is a encrypted file, we used for encrypt it a Private Key, that is unique. The CSR and the SSL certificate will only works if we have the Private key. So the best practice is do a Backup of the Private Key and the CSR just in case we can have any problem. But keep in a secure place.

We will moving us to the correct folder inside our Server for generate the files that we will need:

cd /tmp

Generating the CSR

Using the tool zmcertmgr, the Zimbra system will create the CSR, and also automatically doing a Backup of the existing Cert, great.

zimbra@help:# /opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=help.zimbra.com"
** Generating a server csr for download comm -new -subject /C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=help.zimbra.com
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20141006233154 
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done.
** Saving server config key zimbraSSLPrivateKey...done.
root@help:/opt/zimbra/ssl/zimbra/commercial# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
subject=/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=help.zimbra.com
SubjectAltName= 
zimbra@help:# 

We will need this two files located in this location: /opt/zimbra/ssl/zimbra/commercial/:

  • commercial.csr: This is the file that we need to provide to the CA Authority
  • commercial.key: The Private Key that we need to save, or do a Backup if we want to install the CRT in other Server, or restore it in case of any fail.

Checking the content of the CSR - SSL Certificate

Now we can check trough CLI if everything in the SSL is allright with the next command:

zimbra@help:/tmp# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
subject=/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=help.zimbra.com
SubjectAltName= 

Another good method to check if everything is allright is using external websites, the only thing that we need to do is paste our CSR content, we can view it doing a more command:

zimbra@help:/tmp# more /opt/zimbra/ssl/zimbra/commercial/commercial.csr

We recommend one of this three:

  • [1]Comodo DecodeCSR
  • [2] Symantec CSR Check
  • [3] SSLShoper CSR Decoder

Using these web pages is quite easy, we just copy the CSR content and paste into this pages, take a look of this example in Symantec Website:

Ssl-check001.PNG

Buying the Commercial SSL Certificate

The next step is buy a valid commercial SSL certificate. Have tons of webpages around the World that you can use. This Companies will ask us about the CSR and our Business Information. And once the verification has a success they will send to us a file with the SSL Certificate (usually is a file with .crt extension)

Installing the Commercial SSL Certificate

When we have everything from our SSL Certificate authority, is time to put it in the correct folder.

Creating the commercial.crt

This file is easy to create, we only need to create that and paste inside the content of the file that the Certificate authority gave it to us:

zimbra@help:/tmp# vi commercial.crt

Creating the commercial_ca.crt

The file called commercial_ca.crt needs to be created with the correct information, we need to mix the Root Certificate and also The Intermediate Certificate, the order matters, so the file need to include CA INTERMEDIATE or INTERMEDIATES, CA ROOT one in the end of other with only one Backspace:

zimbra@help:/tmp# vi commercial_ca.crt

For example, this is how looks the file commercial_ca.crt with date September 2014 with a Geotrust QuickSSL Premium Certificate:

-----BEGIN CERTIFICATE-----
MIID+jCCAuKgAwIBAgIDAjbSMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTAwMjI2MjEzMjMxWhcNMjAwMjI1MjEzMjMxWjBhMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMURG9tYWluIFZh
bGlkYXRlZCBTU0wxGzAZBgNVBAMTEkdlb1RydXN0IERWIFNTTCBDQTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKa7jnrNpJxiV9RRMEJ7ixqy0ogGrTs8
KRMMMbxp+Z9alNoGuqwkBJ7O1KrESGAA+DSuoZOv3gR+zfhcIlINVlPrqZTP+3RE
60OUpJd6QFc1tqRi2tVI+Hrx7JC1Xzn+Y3JwyBKF0KUuhhNAbOtsTdJU/V8+Jh9m
cajAuIWe9fV1j9qRTonjynh0MF8VCpmnyoM6djVI0NyLGiJOhaRO+kltK3C+jgwh
w2LMpNGtFmuae8tk/426QsMmqhV4aJzs9mvIDFcN5TgH02pXA50gDkvEe4GwKhz1
SupKmEn+Als9AxSQKH6a9HjQMYRX5Uw4ekIR4vUoUQNLIBW7Ihq28BUCAwEAAaOB
2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIz02ZMKR7wAoErOS3VuoLaw
sn78MB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMBIGA1UdEwEB/wQI
MAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5j
b20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB
hhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBADOR
NxHbQPnejLICiHevYyHBrbAN+qB4VqOC/btJXxRtyNxflNoRZnwekcW22G1PqvK/
ISh+UqKSeAhhaSH+LeyCGIT0043FiruKzF3mo7bMbq1vsw5h7onOEzRPSVX1ObuZ
lvD16lo8nBa9AlPwKg5BbuvvnvdwNs2AKnbIh+PrI7OWLOYdlF8cpOLNJDErBjgy
YWE5XIlMSB1CyWee0r9Y9/k3MbBn3Y0mNhp4GgkZPJMHcCrhfCn13mZXCxJeFu1e
vTezMGnGkqX2Gdgd+DYSuUuVlZzQzmwwpxb79k1ktl8qFJymyFWOIPllByTMOAVM
IIi0tWeUz12OYjf+xLQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----

Checking if every file is OK

Also with all of these steps, we could do something wrong, we could check if everything is alright before deploy the SSL Certificate, for test all files we will execute the next:

zimbra@help:/opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt commercial_ca.crt

If everything is allright, the result of the command will be:

** Verifying commercial.crt against commercial.key
Certificate (commercial.crt) and private key (commercial.key) match.
Valid Certificate: commercial.crt: OK

Launching the last command

If we don't have any issue in the previous step, is time to launch the last two command here:

zimbra@help:/tmp# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt

The Logfile will be like this:

** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

Single-Node Multi-SAN Commercial Certificate

Have a Multi-SAN certificate simplify the task of secure the Zimbra Infrastructure with only one Certificate, so we will have only one CSR to renew each year, etc. Also the Multi-SAN SSL Certificates permit us add more ALT names if we need it and modify as well, we only need to generate the CSR with the changes and send it to the CA Authority.

Generating the MultiSAN.csr file

We will create a file that we can update per each domain that we will need to use in the future. Also we can update it for remove, or modify domains inside it.

We will start moving us to the correct folder inside our Server for generate the files that we will need:

cd /tmp/

Then is time to create the CSR file, in this file we need to change the name of our Private Key, our Common Name and also the alternative domains that we want to protect with our SSL.

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com" -subjectAltNames "mail.domain.com,mail.domain2.com,mail.domain3.com"
** Generating a server csr for download comm -new -subject /C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com -subjectAltNames mail.domain.com,mail.domain2.com,mail.domain3.com
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20141007154948
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Creating server cert request /tmp/commercial.csr...done.
** Saving server config key zimbraSSLPrivateKey...done.
zimbra@help:/opt/zimbra/ssl/zimbra/commercial#

Checking the content of the SSL Certificate

Now we can check trough CLI if everything in the SSL is allright with the next command:

zimbra@help:/tmp# /opt/zimbra/bin/zmcertmgr viewcsr comm commercial.csr
subject=/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=mail.domain.com
SubjectAltName= mail.domain.com, mail.domain2.com, mail.domain3.com

We will check the CSR that we've generated, just copy the result of this command:

more commercial.csr

Inside any of this CSR Decoder's Web:

  • [4]Comodo DecodeCSR
  • [5] Symantec CSR Check
  • [6] SSLShoper CSR Decoder

SSL MultiSAN Install Web 001.png

Buying the Commercial SSL Certificate

The next step is buy a valid commercial SSL certificate. Have tons of webpages around the World that you can use. This Companies will ask us about the CSR and our Business Information. And once the verification has a success they will send to us a file with the SSL Certificate (usually is a file with .crt extension)

Installing the Commercial SSL Certificate

We can use the same instructions explained here:

Creating the commercial_ca.crt

We can use the same instructions explained here:

Checking if every file is OK

We can use the same instructions explained here:

Launching the last command

We can use the same instructions explained here:

Forcing the Server to use only HTTPS

We can use the same instructions explained here:

Forcing the Server to use only HTTPS

Now that we have a valid SSL, the best option is force to our server that only use SSL for our Web Client Access. For do it we will use zmtlsctl command, let's take a look of all of the options here:

  • http - http only, the user can access to our Zimbra Web Client trough http://webmail.zimbra.com
  • https – https only, the user can access to our Zimbra Web Client trough https://webmail.zimbra.com
  • both – The user can access trough both protocols http:// or https:// and it will keep in the same protocol during all session.
  • mixed – With this option, the user will come in trought http:// and will be redirect to https:// only for the login form, after that will be redirect to http:// again. If the user come directly trough https:// the user will be under https:// all the time.
  • redirect - If the user came trough http, it will be automatically redirect to https:// and it will keep on it during all session.

Zimlet LinkedIn Images

This article has been moved to the next Link

VMware HA script in Zimbra Collaboration

This article has been moved to the next Link

Migrate from cPanel/Plesk to Zimbra Collaboration 8.0.x 8.x

This article has been moved to the next Link

Verified Against: Zimbra Collaboration 8.0, 7.0 Date Created: 01/1/2015
Article ID: https://wiki.zimbra.com/index.php?title=Technical-Notes Date Modified: 2015-10-02



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search