Installing a Network Solutions Certificate on ZCS 5.0.x
|This article applies to the following ZCS versions.|
Use the following steps to import and install a Network Solutions commercial certificate on a ZCS 5.0.x server.
Note: These instructions assume that you have the private key in /opt/zimbra/ssl/zimbra/commercial named as commercial.key with the correct permissions.
1. Rename the <server_name.crt> file to commercial.crt and place it in the /opt/zimbra/ssl/zimbra/commercial
2. chmod 700 commercial.crt
3. Concatenate the chain files into one file and call it commercial_ca.crt
cat AddTrustExternalCARoot.crt NetworkSolutions_CA.crt UTNAddTrustServer_CA.crt >> commercial_ca.crt
4. cp commercial_ca.crt /opt/zimbra/ssl/zimbra/commercial
chmod 700 commercial_ca.crt
5. Run a check against the cert files.
/opt/zimbra/bin/zmcertmgr verifycrt comm
6. At this point and if the output looks promising, go ahead and deploy the cert.
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
if you get error messages like these: Error loading file ./commercial_ca.crt 6675:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:749: 6675:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:by_file.c:280: usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ... The solution is to add a newline to the end of the "AddTrustExternalCARoot.crt" and "NetworkSolutions_CA.crt" files _only_.
7. Restart the Zimbra services.
su - zimbra zmcontrol stop zmcontrol start
8. Verify that the Web interface is loading correctly with the new certificate.