Transfer SSL certificates between servers: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
==backup/transfer ssl certificates between servers== | |||
<pre> | <pre> | ||
copy /opt/zimbra/ssl to /sslbk. | copy /opt/zimbra/ssl to /sslbk. | ||
Line 6: | Line 7: | ||
on the destination server stop the zimbra service. | on the destination server stop the zimbra service. | ||
As root transfer the sslbk.zip file from the | As root transfer the sslbk.zip file from the holding server to the destination server. | ||
re-name the existing /opt/zimbra/ssl to ssl_old. | re-name the existing /opt/zimbra/ssl to ssl_old. |
Revision as of 19:46, 23 February 2009
backup/transfer ssl certificates between servers
copy /opt/zimbra/ssl to /sslbk. create sslbk.zip from the directory /sslbk and transfer it to a holding server. on the destination server stop the zimbra service. As root transfer the sslbk.zip file from the holding server to the destination server. re-name the existing /opt/zimbra/ssl to ssl_old. un-pack the sslbk.zip file to the root directory as /sslbk. copy the /sslbk to /opt/zimbra/ and rename to ssl so that /opt/zimbra/ssl is re-created using the directory from the source server. cd into the /opt/zimbra/bin directory Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt switch back to Zimbra user and restart Zimbra and then switch back to root and restart the Zimbra service at /etc/init.d/./zimbra restart
common error messages
If you see this message, then make sure to unzip the file sslbk.zip and replace /opt/zimbra/ssl with sslbk files. [root@zim-lab-06 bin]# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt ** Verifying /sslbk/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key XXXXX ERROR: Unmatching certificate (/sslbk/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair. XXXXX ERROR: provided cert isn't valid
If you see a list of services that did not start post re-install of the SSL certificate, then restart the Zimbra service and may have to clear the PID number from the .pid files to force a refresh of zimbra process tracking. /opt/zimbra/log