Transfer SSL certificates between servers: Difference between revisions

Backup/Transfer SSL Certificates Between Servers

• Copy /opt/zimbra/ssl to /sslbk.
• Create sslbk.zip from the directory /sslbk and transfer it to a holding server.
• On the destination server stop the zimbra service.
• As root transfer the sslbk.zip file from the holding server to the destination server.
• Re-name the existing /opt/zimbra/ssl to ssl_old.
• Un-pack the sslbk.zip file to the root directory as /sslbk.
• Copy the /sslbk to /opt/zimbra/ and rename to ssl so that /opt/zimbra/ssl is re-created using the directory from the source server.
• cd into the /opt/zimbra/bin directory
• Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt
• Switch back to Zimbra user and restart Zimbra and then switch back to root and restart the Zimbra service at /etc/init.d/./zimbra restart

common error messages

If you see this message, then make sure to unzip the file sslbk.zip and replace /opt/zimbra/ssl with sslbk files.

[root@zim-lab-06 bin]# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt
** Verifying /sslbk/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/sslbk/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid

If you see a list of services that did not start post re-install of the SSL certificate, then restart the Zimbra service and
 may have to clear the PID number from the .pid files to force a refresh of zimbra process tracking.  /opt/zimbra/log