Transfer SSL certificates between servers: Difference between revisions
(New page: <pre> copy /opt/zimbra/ssl to /sslbk. create sslbk.zip from the directory /sslbk and transfer it to a holding server. on the destination server stop the zimbra service. As root transfe...) |
No edit summary |
||
(10 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
< | {{BC|Community Sandbox}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=Backup/Transfer SSL Certificates Between Servers= | |||
{{KB|{{Unsupported}}|{{ZCS 5.0}}||}} | |||
{{Archive}}{{WIP}} | |||
*Copy /opt/zimbra/ssl to /sslbk. | |||
*Create sslbk.zip from the directory /sslbk and transfer it to a holding server. | |||
*On the destination server stop the zimbra service. | |||
*As root transfer the sslbk.zip file from the holding server to the destination server. | |||
As root transfer the sslbk.zip file from the | *Re-name the existing /opt/zimbra/ssl to ssl_old. | ||
*Un-pack the sslbk.zip file to the root directory as /sslbk. | |||
*Copy the /sslbk to /opt/zimbra/ and rename to ssl so that /opt/zimbra/ssl is re-created using the directory from the source server. | |||
*cd into the /opt/zimbra/bin directory | |||
*Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt | |||
*Switch back to Zimbra user and restart Zimbra and then switch back to root and restart the Zimbra service at /etc/init.d/./zimbra restart | |||
cd into the /opt/zimbra/bin directory | |||
Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt | |||
===common error messages=== | ===common error messages=== | ||
---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ||
If you see this message then make sure to unzip the file sslbk.zip and replace /opt/zimbra/ssl with sslbk files | <pre>If you see this message, then make sure to unzip the file sslbk.zip and replace /opt/zimbra/ssl with sslbk files. | ||
[root@zim-lab-06 bin]# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt | [root@zim-lab-06 bin]# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt | ||
** Verifying /sslbk/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key | ** Verifying /sslbk/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
XXXXX ERROR: Unmatching certificate (/sslbk/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair. | XXXXX ERROR: Unmatching certificate (/sslbk/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair. | ||
XXXXX ERROR: provided cert isn't valid | XXXXX ERROR: provided cert isn't valid</pre> | ||
If you see a list of services that did not start post re-install of the SSL certificate then restart the Zimbra service and may have to clear the PID number from the .pid files to force a refresh of zimbra process tracking. /opt/zimbra/log | <pre>If you see a list of services that did not start post re-install of the SSL certificate, then restart the Zimbra service and | ||
may have to clear the PID number from the .pid files to force a refresh of zimbra process tracking. /opt/zimbra/log</pre> | |||
---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ||
{{Article Footer|ZCS 5.0 |2/24/2009}} | |||
[[Category: Certificates]] | |||
[[Category: ZCS 5.0]] |
Latest revision as of 10:30, 13 July 2015
Backup/Transfer SSL Certificates Between Servers
- This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.
- This article is a Work in Progress, and may be unfinished or missing sections.
- Copy /opt/zimbra/ssl to /sslbk.
- Create sslbk.zip from the directory /sslbk and transfer it to a holding server.
- On the destination server stop the zimbra service.
- As root transfer the sslbk.zip file from the holding server to the destination server.
- Re-name the existing /opt/zimbra/ssl to ssl_old.
- Un-pack the sslbk.zip file to the root directory as /sslbk.
- Copy the /sslbk to /opt/zimbra/ and rename to ssl so that /opt/zimbra/ssl is re-created using the directory from the source server.
- cd into the /opt/zimbra/bin directory
- Deploy the cert ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt
- Switch back to Zimbra user and restart Zimbra and then switch back to root and restart the Zimbra service at /etc/init.d/./zimbra restart
common error messages
If you see this message, then make sure to unzip the file sslbk.zip and replace /opt/zimbra/ssl with sslbk files. [root@zim-lab-06 bin]# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt ** Verifying /sslbk/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key XXXXX ERROR: Unmatching certificate (/sslbk/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair. XXXXX ERROR: provided cert isn't valid
If you see a list of services that did not start post re-install of the SSL certificate, then restart the Zimbra service and may have to clear the PID number from the .pid files to force a refresh of zimbra process tracking. /opt/zimbra/log