Installing SSL Certificate on zimbra(ZCS) 6.0.x
点击数:117982016-01-25 18:07:18 来源: 中国数字证书CHINASSL
In those cases you should be able to use these instructions on Zimbra 6.x to allow the non-trusting devices to trust your newly issued server certificate.
- As Root:
1). move all the files in /opt/zimbra/ssl/zimbra/commercial
cd /opt/zimbra/ssl/zimbra/commercial/ tar -czvf /tmp/ssl.commercial.tar.gz * rm -rf *
2. generate a new csr , please edit this line for your company details
/opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=CN/ST=Tianjin/L=Tianjin/O=CHINASSL Inc./OU=IT./CN=mail.chinassl.net"
3.) Place SSL order from chinassl
Place SSL order and paste in the contents of yourdomain.csr Put the certificate into yourdomain.crt using cat or vi
4. put your CA in place ( For Chinassl https://www.chinassl.net )
Use cat or vi to put the intermediate certs, and root certs together in the yourdomain_ca.crt file. The order they appear is important. Intermediate cert should be on top, root cert in the bottom. Be sure no extra line breaks or spaces exist in the file.
[ Intermediate ] [ Root ]
5. verify that the cert and key match
/opt/zimbra/bin/zmcertmgr verifycrt comm yourdomain.key yourdomain.crt
should return
** Verifying yourdomain.crt against yourdomain.key Certificate (yourdomain.crt) and private key (yourdomain.key) match.
6. deploy the cert
/opt/zimbra/bin/zmcertmgr deploycrt comm yourdomain.crt yourdomain_ca.crt
should return
** Verifying yourdomain.crt against /opt/zimbra/ssl/zimbra/commercial/yourdomain.key Certificate (yourdomain.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/yourdomain.key) match. Valid Certificate: yourdomain.crt: OK ** Copying yourdomain.crt to /opt/zimbra/ssl/zimbra/commercial/yourdomain.crt cp: `yourdomain.crt' and `/opt/zimbra/ssl/zimbra/commercial/yourdomain.crt' are the same file ** Saving server config key zimbraSSLCertificate...done. ** Saving server config key zimbraSSLPrivateKey...done. ** Installing mta certificate and key...done. ** Installing slapd certificate and key...done. ** Installing proxy certificate and key...done. ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/YOUR.SERVER.NAME.pkcs12...done. ** Creating keystore file /opt/zimbra/conf/keystore...done. ** Installing CA to /opt/zimbra/conf/ca...done.
(Proxy Install)
7. If you run Zimbra Proxy in front of all your mailbox servers, you only need the certificate created for and installed on that one server. Restart the proxy (for IMAP/POP/HTTP).
su - zimbra zmproxyctl restart
(Mailbox Install)
8. If you are installing a commercial certificate on each mailbox, restart mailboxd and the proxy (for IMAP/POP)
su - zimbra zmmailboxdctl restart
su - zimbra zmproxyctl restart
9. Verify your certificate looks correct externally.
https://www.chinassl.net/ssltools/ssl-checker.html
- It's also very handy to have a copy of the comments for zmcertmgr around in a side window.
来源地址:https://wiki.zimbra.com/wiki/Installing_a_GeoTrust_Commercial_Certificate
上一页1下一页 |
原文地址:https://www.chinassl.net/ssl_install/n651.html
版权所有@转载请注明出处:CHINASSL[https://www.chinassl.net]