
Zimbra SSL commands

 

Install commercial SSL certificates (digicert, comodo, etc.)

If you want to install via the Admin interface, use it to create a CSR (Certificate Signing Request) file to send to the certificate seller. For details, refer here:
If you already have the certificate and want to install it on the server, the most convenient way is the command-line interface (CLI).
1. Preparation
Follow the guidelines and examples below and adapt them to your specific situation.
Usually the seller will send you a zip file containing the following files:
SSL.ca-bundle
SSL.crt
SSL.key (zimbra already has commercial.key in /opt/zimbra/ssl/zimbra/commercial)
The ca-bundle file contains the 2 intermediate certificates. You also need to add the contents of the CA root certificate, which you download from the supplier's homepage.
2. Installation steps
Upload the files to the /tmp directory and, as the zimbra user, perform the following steps:
a. Create file /tmp/commercial_ca.crt
This file is the concatenation of 3 certificates: the root CA and the 2 intermediate CAs.
For example, if you use the ca-bundle file:
su - zimbra
cd /tmp/
cat CARoot.crt SSL.ca-bundle > /tmp/commercial_ca.crt

CARoot.crt is the CA root file that you downloaded from the vendor.
b. Place your certificate in /tmp/commercial.crt
cp SSL.crt /tmp/commercial.crt
c. Place the key file in /opt/zimbra/ssl/zimbra/commercial/commercial.key
Zimbra already has commercial.key in /opt/zimbra/ssl/zimbra/commercial. If not, copy the key file that the seller sent you.
cp SSL.key /opt/zimbra/ssl/zimbra/commercial/commercial.key
d. Check that the certificate, private key and intermediate CA are OK. If they are, proceed to the next step.
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
e. Install your certificate
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /tmp/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
f. Restart Zimbra
zmcontrol restart
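
The checks in steps d and e can be reproduced with plain openssl before calling zmcertmgr. The script below is an added example, not part of the original post or of Zimbra; its function names and return codes are assumptions of this example. It confirms that the key matches the certificate, that the CA file contains the root certificate, that the certificate chains to it, and that the key file is not world-readable.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before zmcertmgr verifycrt/deploycrt.
# Function names and return codes are this example's own, not Zimbra's.

key_matches_cert() {  # $1 = private key, $2 = server certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

list_chain() {  # $1 = CA bundle; prints subject=/issuer= lines per certificate
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null |
        grep -E '^(subject|issuer)='
}

bundle_has_root() {  # succeeds if the bundle holds a self-issued (root) cert
    list_chain "$1" | awk '
        /^subject=/ { s = substr($0, 9) }
        /^issuer=/  { if (substr($0, 8) == s) found = 1 }
        END { exit !found }'
}

chain_verifies() {  # $1 = CA bundle, $2 = server certificate
    # Match on the ": OK" line; old OpenSSL builds exit 0 even on failure.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

key_is_private() {  # fails if the key file is world-readable
    [ -z "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

preflight() {  # $1 = key, $2 = server cert, $3 = CA bundle
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    bundle_has_root "$3" || { echo "CA bundle has no root certificate"; return 2; }
    chain_verifies "$3" "$2" || { echo "certificate does not chain to bundle"; return 3; }
    key_is_private "$1" || { echo "private key is world-readable"; return 4; }
    echo "OK"
}

# Usage: sh preflight.sh KEY CERT CA_BUNDLE
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it with the same three files you pass to zmcertmgr verifycrt; list_chain on its own shows the subject and issuer of each certificate in the CA file, which helps when the order of the bundle is in doubt.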


I tried to install it using the UI, but it failed with some error related to RemoteManager and port 22.

To install on the command line, you first need to log in as user zimbra.

I copied all the files provided by the SSL provider to the server. Change to the SSL folder.

Edited the file.

Pasted the SSL certificate content into this file. The commercial.key file has the private key; this gets auto-generated during the CSR generation process.

Now I tried mixing those 3 files (CA certs) to create commercial_ca.crt, but it failed to work.

After a few tries, mixing the CA certificates in the following order got it to work.


Intermediate CA Certificate - USERTrustRSAAAACA.crt

Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt

then 

Root CA Certificate - AAACertificateServices.crt

mix all three one by one and create commercial_ca.crt


paste real certificate in commercial.crt


and key on commercial.key

and verified it, and it worked



/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt




/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt


you need to put


 /mnt/fristam-ssl/commercial_ca.crt


/mnt/fristam-ssl/zimbra_fristam_in.crt


and key here /opt/zimbra/ssl/zimbra/commercial/commercial.key


/opt/zimbra/bin/zmcertmgr verifycrt comm  /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/yourdomain_com.crt /opt/yourdomain_com.ca-bundle



/opt/zimbra/bin/zmcertmgr verifycrt comm  /opt/zimbra/ssl/zimbra/commercial/commercial.key  /mnt/fristam-ssl/zimbra_fristam_in.crt /mnt/fristam-ssl/commercial_ca.crt



/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/yourdomain_com.crt /opt/yourdomain_com.ca-bundle


/opt/zimbra/bin/zmcertmgr deploycrt comm /mnt/fristam-ssl/zimbra_fristam_in.crt /mnt/fristam-ssl/commercial_ca.crt
