请稍候...
  • 通配符证书Wildcard SSL,部署全网HTTPS必备
  • 为什么使用企业型SSL证书?
  • 增强型证书EV SSL,完美支持地址栏显示中文企业名称
  • HTTPS今天你用了吗?
  • 多域名SANS/UCC SSL证书,全面支持Exchange Server 2..
  • 选择SSL证书产品遇到问题?

Installing SSL Certificate on zimbra(ZCS) 6.0.x

点击数:117982016-01-25 18:07:18 来源: 中国数字证书CHINASSL

In those cases you should be able to use these instructions on Zimbra 6.x to allow the non-trusting devices to trust your newly issued server certificate.

  • As Root:

1). move all the files in /opt/zimbra/ssl/zimbra/commercial

cd /opt/zimbra/ssl/zimbra/commercial/  tar -czvf /tmp/ssl.commercial.tar.gz *  rm -rf *  

2. generate a new csr , please edit this line for your company details

/opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=CN/ST=Tianjin/L=Tianjin/O=CHINASSL Inc./OU=IT./CN=mail.chinassl.net"  

3.) Place SSL order from chinassl

Place SSL order and paste in the contents of yourdomain.csr  
Put the certificate into yourdomain.crt using cat or vi  

4. put your CA in place ( For Chinassl https://www.chinassl.net )

Use cat or vi to put the intermediate certs,  and root certs together in the yourdomain_ca.crt file.  The order they appear is important.  Intermediate cert should be on top, root cert in the bottom.  Be sure no extra line breaks or spaces exist in the file.  
[ Intermediate ]  
[ Root ]

5. verify that the cert and key match

/opt/zimbra/bin/zmcertmgr verifycrt comm yourdomain.key yourdomain.crt  
should return  
** Verifying yourdomain.crt against yourdomain.key  Certificate (yourdomain.crt) and private key (yourdomain.key) match.  

6. deploy the cert

/opt/zimbra/bin/zmcertmgr deploycrt comm yourdomain.crt yourdomain_ca.crt  
should return  
** Verifying yourdomain.crt against /opt/zimbra/ssl/zimbra/commercial/yourdomain.key  Certificate (yourdomain.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/yourdomain.key) match.  Valid Certificate: yourdomain.crt: OK  ** Copying yourdomain.crt to /opt/zimbra/ssl/zimbra/commercial/yourdomain.crt  cp: `yourdomain.crt' and `/opt/zimbra/ssl/zimbra/commercial/yourdomain.crt' are the same file  ** Saving server config key zimbraSSLCertificate...done.  ** Saving server config key zimbraSSLPrivateKey...done.  ** Installing mta certificate and key...done.  ** Installing slapd certificate and key...done.  ** Installing proxy certificate and key...done.  ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/YOUR.SERVER.NAME.pkcs12...done.  ** Creating keystore file /opt/zimbra/conf/keystore...done.  ** Installing CA to /opt/zimbra/conf/ca...done.  


(Proxy Install)

7. If you run Zimbra Proxy in front of all your mailbox servers, you only need the certificate created for and installed on that one server. Restart the proxy (for IMAP/POP/HTTP).

su - zimbra  zmproxyctl restart  


(Mailbox Install)

8. If you are installing a commercial certificate on each mailbox, restart mailboxd and the proxy (for IMAP/POP)

su - zimbra  zmmailboxdctl restart  
su - zimbra  zmproxyctl restart  

9. Verify your certificate looks correct externally.

https://www.chinassl.net/ssltools/ssl-checker.html 
  • It's also very handy to have a copy of the comments for zmcertmgr around in a side window.

 

来源地址:https://wiki.zimbra.com/wiki/Installing_a_GeoTrust_Commercial_Certificate

上一页1下一页