Hi all.
I've just cleaned up the instructions a little:
removing line breaks that shouldn't exist
replacing general instructions with commands
adding an additional permission change
and including two points at which I got errors which meant the fix didn't work properly - the things marked /* ...... */
1. First stage
As root: i.e. sudo -i
tar cf /tmp/zimbra-ssl-bak.tar /opt/zimbra/ssl/
rm -rf /opt/zimbra/ssl/*
chown zimbra:zimbra /opt/zimbra/ssl
chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts
chmod 644 /opt/zimbra/java/jre/lib/security/cacerts
chown zimbra:zimbra /opt/zimbra/mailboxd/etc/keystore
As zimbra: i.e. su zimbra
keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
/* Error here about permissions means this fix probably WON'T work */
As root: i.e. sudo -i
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr deployca -localonly
/opt/zimbra/bin/zmcertmgr createcrt self -new
/* an error here while retrieving the cert from the server, then again, this fix most probably won't work */
/opt/zimbra/bin/zmcertmgr deploycrt self
As zimbra: i.e. su zimbra
zmcontrol stop
zmcontrol start
2. Second stage
As root: i.e. sudo -i
tar cf /tmp/zimbra-ca-bak.tar /opt/zimbra/conf/ca/
rm -rf /opt/zimbra/conf/ca/*
cp /opt/zimbra/ssl/zimbra/ca/ca.key /opt/zimbra/conf/ca/ca.key
cp /opt/zimbra/ssl/zimbra/ca/ca.pem /opt/zimbra/conf/ca/ca.pem
ln -f -s ca.pem /opt/zimbra/conf/ca/`openssl x509 -hash -noout -in /opt/zimbra/conf/ca/ca.pem`.0
chmod 644 /opt/zimbra/conf/ca/*
As zimbra: i.e. su zimbra
zmcontrol stop
zmcontrol start
Last edited by cdmdotnet; 04-16-2009 at 08:29 PM..
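
An added example, not part of the original post: a shell function that checks the state the second stage is meant to leave in /opt/zimbra/conf/ca (the hash link, the key/certificate pair, validity, and the effect of the chmod 644 on ca.key). The function name check_ca_dir and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): post-checks for the CA
# directory rebuilt in the second stage. check_ca_dir is a hypothetical name.
# Default directory is the one used in the post; pass another to test.
check_ca_dir() {
    dir=${1:-/opt/zimbra/conf/ca}
    pem=$dir/ca.pem
    key=$dir/ca.key
    rc=0

    # ca.pem must parse as an X.509 certificate; its subject hash names the link.
    hash=$(openssl x509 -hash -noout -in "$pem" 2>/dev/null) || {
        echo "FAIL: $pem is missing or not a certificate"; return 1; }

    # <hash>.0 is the name OpenSSL looks up in a hashed CA directory.
    if [ -e "$dir/$hash.0" ] && cmp -s "$dir/$hash.0" "$pem"; then
        echo "ok: $hash.0 resolves to ca.pem"
    else
        echo "FAIL: $hash.0 is missing or is not ca.pem"; rc=1
    fi

    # ca.key must be the private key of ca.pem: compare the public keys.
    cert_pub=$(openssl x509 -pubkey -noout -in "$pem" 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -pubout -in "$key" -passin pass: 2>/dev/null) || key_pub=
    if [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok: ca.key matches ca.pem"
    else
        echo "FAIL: ca.key is missing, unreadable or does not match ca.pem"; rc=1
    fi

    # A regenerated CA should be inside its validity period.
    if openssl x509 -checkend 0 -noout -in "$pem" >/dev/null 2>&1; then
        echo "ok: ca.pem has not expired"
    else
        echo "FAIL: ca.pem has expired"; rc=1
    fi

    # chmod 644 on conf/ca/* also applies to ca.key; report it, do not fail.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "note: ca.key is world-readable"
    fi
    return $rc
}
```

Run check_ca_dir as root after the second stage and before zmcontrol start; a non-zero return means the CA directory is not in the state the steps describe.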