Regenerate Self-Signed SSL Certificate - Multi-Server

Regenerate Self-Signed SSL Certificate - Multi-Server

   KB 21726        Last updated on 2015-07-12  

(0 votes)


Regenerate the SSL certificate in a Zimbra multi-server environment.


Multi-Node Self-Signed Certificate 1. Begin by generating a new Certificate Authority (CA).

/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr deployca

2. Then generate a certificate signed by the CA that expires in 365 days with either wildcard or subject altnames. Option 1

/opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subjectAltNames "*" 

Option 2

/opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*" 

Option 3

/opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subjectAltNames ",host2.example.come"

3. Next, deploy the certificate to all nodes in the deployment.

/opt/zimbra/bin/zmcertmgr deploycrt self -allserver

4. To finish, verify the certificate was deployed.

/opt/zimbra/bin/zmcertmgr viewdeployedcrt

Note: The option viewdeployedcrt only works for the local server.

Additional Content

Verified Against: Zimbra Collaboration 8.5, 8.6 Date Created: 02/24/2015
Article ID: Date Modified: 2015-07-12

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Wiki/KB reviewed by Gayle B Jorge Jenny Last edit by Jorge de la Cruz
Jump to: navigation, search