Installing SSL Certificate on zimbra(ZCS) 6.0.x

点击数：114472016-01-25 18:07:18　来源: 中国数字证书CHINASSL

In those cases you should be able to use these instructions on Zimbra 6.x to allow the non-trusting devices to trust your newly issued server certificate.

• As Root:

1). move all the files in /opt/zimbra/ssl/zimbra/commercial

cd /opt/zimbra/ssl/zimbra/commercial/  tar -czvf /tmp/ssl.commercial.tar.gz *  rm -rf *  

2. generate a new csr , please edit this line for your company details

/opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=CN/ST=Tianjin/L=Tianjin/O=CHINASSL Inc./OU=IT./CN=mail.chinassl.net"  

3.) Place SSL order from chinassl

Place SSL order and paste in the contents of yourdomain.csr  
Put the certificate into yourdomain.crt using cat or vi  

4. put your CA in place ( For Chinassl https://www.chinassl.net )

Use cat or vi to put the intermediate certs,  and root certs together in the yourdomain_ca.crt file.  The order they appear is important.  Intermediate cert should be on top, root cert in the bottom.  Be sure no extra line breaks or spaces exist in the file.  

[ Intermediate ]  
[ Root ]

5. verify that the cert and key match

/opt/zimbra/bin/zmcertmgr verifycrt comm yourdomain.key yourdomain.crt  

should return  

** Verifying yourdomain.crt against yourdomain.key  Certificate (yourdomain.crt) and private key (yourdomain.key) match.  

6. deploy the cert

/opt/zimbra/bin/zmcertmgr deploycrt comm yourdomain.crt yourdomain_ca.crt  

should return  

** Verifying yourdomain.crt against /opt/zimbra/ssl/zimbra/commercial/yourdomain.key  Certificate (yourdomain.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/yourdomain.key) match.  Valid Certificate: yourdomain.crt: OK  ** Copying yourdomain.crt to /opt/zimbra/ssl/zimbra/commercial/yourdomain.crt  cp: `yourdomain.crt' and `/opt/zimbra/ssl/zimbra/commercial/yourdomain.crt' are the same file  ** Saving server config key zimbraSSLCertificate...done.  ** Saving server config key zimbraSSLPrivateKey...done.  ** Installing mta certificate and key...done.  ** Installing slapd certificate and key...done.  ** Installing proxy certificate and key...done.  ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/YOUR.SERVER.NAME.pkcs12...done.  ** Creating keystore file /opt/zimbra/conf/keystore...done.  ** Installing CA to /opt/zimbra/conf/ca...done.  

(Proxy Install)

7. If you run Zimbra Proxy in front of all your mailbox servers, you only need the certificate created for and installed on that one server. Restart the proxy (for IMAP/POP/HTTP).

su - zimbra  zmproxyctl restart  

(Mailbox Install)

8. If you are installing a commercial certificate on each mailbox, restart mailboxd and the proxy (for IMAP/POP)

su - zimbra  zmmailboxdctl restart  

su - zimbra  zmproxyctl restart  

9. Verify your certificate looks correct externally.

https://www.chinassl.net/ssltools/ssl-checker.html 

• It's also very handy to have a copy of the comments for zmcertmgr around in a side window.

 

来源地址：https://wiki.zimbra.com/wiki/Installing_a_GeoTrust_Commercial_Certificate

原文标题：Installing SSL Certificate on zimbra(ZCS) 6.0.x
原文地址：https://www.chinassl.net/ssl_install/n651.html
版权所有@转载请注明出处：CHINASSL[https://www.chinassl.net]

【责任编辑：中国数字证书CHINASSL】 (Top) 返回页面顶端