Transfer SSL certificates between servers: Difference between revisions

backup/transfer ssl certificates between servers

copy /opt/zimbra/ssl  to /sslbk.

create sslbk.zip from the directory /sslbk and transfer it to a holding server.

on the destination server stop the zimbra service.

As root transfer the sslbk.zip file from the holding server to the destination server.

re-name the existing /opt/zimbra/ssl  to ssl_old.

un-pack the  sslbk.zip file to the root directory as  /sslbk.

copy the /sslbk to /opt/zimbra/ and rename to ssl  so that /opt/zimbra/ssl is re-created using the directory from the source server.

cd into the /opt/zimbra/bin directory

Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt

switch back to Zimbra user and restart Zimbra and then switch back to root and restart the Zimbra service at /etc/init.d/./zimbra restart

common error messages

If you see this message, then make sure to unzip the file sslbk.zip and replace /opt/zimbra/ssl with sslbk files.

[root@zim-lab-06 bin]# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt
** Verifying /sslbk/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/sslbk/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid

If you see a list of services that did not start post re-install of the SSL certificate, then restart the Zimbra service and
 may have to clear the PID number from the .pid files to force a refresh of zimbra process tracking.  /opt/zimbra/log