Support #398
Updated by Daniel Curtis over 10 years ago
This article is a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool. * 1. Download the *ca.pem* and *sub.class1.server.ca.pem* to /tmp/ <pre> cd /tmp wget https://www.startssl.com/certs/ca.pem wget https://www.startssl.com/certs/sub.class1.server.ca.pem </pre> * 2. Combine the two CA certs to form a single CA certificate chain file <pre> cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt </pre> * 3. Place signed SSL certificate in /tmp/www.example.com.crt. * 4. Place the SSL private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key * 5. Deploy the commercial certificate with zmcertmgr as the root user. <pre> cd /opt/zimbra/bin ./zmcertmgr deploycrt comm /tmp/www.example.com.crt /tmp/ca_bundle.crt </pre> * 6.(As Root User) Import the SSL key into Zimbra <pre> /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/www.example.com.crt </pre> * 7. Restart the zimbra services <pre> su zimbra zmcontrol stop zmcontrol start </pre>