Transfer SSL certificates between servers: Difference between revisions
m (added footer) |
No edit summary |
||
Line 1: | Line 1: | ||
== | ==Backup/Transfer SSL Certificates Between Servers== | ||
*Copy /opt/zimbra/ssl to /sslbk. | |||
*Create sslbk.zip from the directory /sslbk and transfer it to a holding server. | |||
*On the destination server stop the zimbra service. | |||
*As root transfer the sslbk.zip file from the holding server to the destination server. | |||
As root transfer the sslbk.zip file from the holding server to the destination server. | *Re-name the existing /opt/zimbra/ssl to ssl_old. | ||
*Un-pack the sslbk.zip file to the root directory as /sslbk. | |||
*Copy the /sslbk to /opt/zimbra/ and rename to ssl so that /opt/zimbra/ssl is re-created using the directory from the source server. | |||
*cd into the /opt/zimbra/bin directory | |||
*Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt | |||
*Switch back to Zimbra user and restart Zimbra and then switch back to root and restart the Zimbra service at /etc/init.d/./zimbra restart | |||
cd into the /opt/zimbra/bin directory | |||
Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt | |||
===common error messages=== | ===common error messages=== |
Revision as of 23:45, 25 September 2009
Backup/Transfer SSL Certificates Between Servers
- Copy /opt/zimbra/ssl to /sslbk.
- Create sslbk.zip from the directory /sslbk and transfer it to a holding server.
- On the destination server stop the zimbra service.
- As root transfer the sslbk.zip file from the holding server to the destination server.
- Re-name the existing /opt/zimbra/ssl to ssl_old.
- Un-pack the sslbk.zip file to the root directory as /sslbk.
- Copy the /sslbk to /opt/zimbra/ and rename to ssl so that /opt/zimbra/ssl is re-created using the directory from the source server.
- cd into the /opt/zimbra/bin directory
- Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt
- Switch back to Zimbra user and restart Zimbra and then switch back to root and restart the Zimbra service at /etc/init.d/./zimbra restart
common error messages
If you see this message, then make sure to unzip the file sslbk.zip and replace /opt/zimbra/ssl with sslbk files. [root@zim-lab-06 bin]# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt ** Verifying /sslbk/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key XXXXX ERROR: Unmatching certificate (/sslbk/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair. XXXXX ERROR: provided cert isn't valid
If you see a list of services that did not start post re-install of the SSL certificate, then restart the Zimbra service and may have to clear the PID number from the .pid files to force a refresh of zimbra process tracking. /opt/zimbra/log