Project

General

Profile

Support #398

Installing a SSL Certificate on Zimbra

Added by Daniel Curtis almost 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Mail Server
Target version:
-
Start date:
06/06/2014
Due date:
% Done:

100%

Estimated time:
1.00 h
Spent time:

Description

This article is a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool.

  • 1. Download the ca.pem and sub.class1.server.ca.pem to /tmp/
    cd /tmp
    wget https://www.startssl.com/certs/ca.pem
    wget https://www.startssl.com/certs/sub.class1.server.ca.pem
    
  • 2. Combine the two CA certs to form a single CA certificate chain file
    cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt
    
  • 3. Place signed SSL certificate in /tmp/www.example.com.crt.
  • 4. Place the SSL private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key
  • 5. Deploy the commercial certificate with zmcertmgr as the root user.
    cd /opt/zimbra/bin
    ./zmcertmgr deploycrt comm /tmp/www.example.com.crt /tmp/ca_bundle.crt
    
  • 6.(As Root User) Import the SSL key into Zimbra
    /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    
  • 7. Restart the zimbra services
    su zimbra
    zmcontrol stop
    zmcontrol start
    
#1

Updated by Daniel Curtis almost 10 years ago

  • Description updated (diff)
  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100
#2

Updated by Daniel Curtis almost 10 years ago

  • Status changed from Resolved to Closed
#3

Updated by Daniel Curtis over 9 years ago

  • Description updated (diff)
#4

Updated by Daniel Curtis about 9 years ago

  • Project changed from 89 to GNU/Linux Administration
  • Category set to Mail Server

Also available in: Atom PDF