4.5.x to 5.0.x Certificate Upgrade Issues

If you are upgrading from 4.5x to 5.0.x and the cert failed to upgrade successfully, you need to re-install the cert.


You will need these pieces:

  1. The private key. This can be extracted from the Tomcat keystore. Zimbra Support can help with this process if you send the Tomcat keystore.
  2. The server certificate
  3. The chain cert files


With these pieces in hand, we can use the zmcertmgr to install the certificate.

1. Verify that the cert and the key match using this command:

/opt/zimbra/bin/zmcertmgr verifycrt comm /path/to/privatekey /path/to/commercial.crt /path/to/commercial_ca.crt

2. From the temp directory, deploy the cert and restart the zimbra services.

(a) sudo zmcertmgr deploycrt comm /path/to/commercial.crt /path/to/commercial_ca.crt
(b) zmcontrol stop ; zmcontrol start

3. Check to make sure that only the jetty alias exists in the keystore.

keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass  `zmlocalconfig -s -m nokey mailboxd_keystore_password`

4. Delete the tomcat alias, if exists, with the following command.

keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`

Verified Against: ZCS 5.0.x & 4.5.x Date Created: 9/17/2008
Article ID: https://wiki.zimbra.com/index.php?title=4.5.x_to_5.0.x_Certificate_Upgrade_Issues Date Modified: 2015-03-24

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search