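To install an existing commercial SSL certificate (e.g. from RapidSSL):
Assume you already have the certificate and its private key (commercial.crt and commercial.key). The commands below expect the certificate at /tmp/commercial.crt and the key at /opt/zimbra/ssl/zimbra/commercial/commercial.key.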
1. Download and save the root Certificate Authority (CA) from your provider to a temporary file. (e.g. /tmp/ca.crt)
Download link: http://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.cer
2. Download any intermediary CAs from your provider to a temporary file. (e.g. /tmp/ca_intermediary.crt)
Download link: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1549
3. Combine root and intermediary CAs into a temporary file.
# cat /tmp/ca.crt /tmp/ca_intermediary.crt > /tmp/ca_chain.crt
4. Verify your commercial certificate.
# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
5. Deploy your commercial certificate.
# /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /tmp/ca_chain.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
6. To finish, verify the certificate was deployed.
# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
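
An independent pre-flight check for steps 3 and 4 using plain openssl, added here as an example (it is not from the original post and is not zmcertmgr's own logic): it confirms that the private key matches the certificate and that the certificate verifies against the combined chain file, and it shows the rejection you get when the intermediate CA is left out of the chain. The function names check_cert and make_chain and the throwaway CA hierarchy are constructed for illustration.

```shell
#!/bin/sh
# check_cert KEY CRT CA_CHAIN
#   0 = key matches certificate and certificate verifies against the chain
#   1 = unreadable input or key/certificate mismatch
#   2 = certificate does not verify against CA_CHAIN
check_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 1
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 2
}

# Build a constructed root -> intermediate -> leaf hierarchy in directory $1,
# reusing the file names from the steps above. Nothing here is a real CA.
make_chain() {
    d=$1
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    for n in ca int commercial; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" \
        -out "$d/ca_intermediary.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/commercial.csr" -CA "$d/ca_intermediary.crt" \
        -CAkey "$d/int.key" -CAcreateserial -days 2 \
        -out "$d/commercial.crt" 2>/dev/null || return 1
    # Step 3: root first, then intermediate, in one chain file.
    cat "$d/ca.crt" "$d/ca_intermediary.crt" > "$d/ca_chain.crt"
}

# Demo on the constructed hierarchy.
demo=$(mktemp -d) && make_chain "$demo"
check_cert "$demo/commercial.key" "$demo/commercial.crt" "$demo/ca_chain.crt" \
    && echo "full chain: key matches, certificate verifies"
check_cert "$demo/commercial.key" "$demo/commercial.crt" "$demo/ca.crt" \
    || echo "root only (intermediate missing): rejected, rc=$?"
rm -rf "$demo"
```

Against real files, call it with the same three paths passed to zmcertmgr verifycrt in step 4.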