05-15-2007, 08:46 AM
|
| |
http://wiki.zimbra.com/index.php?tit...icate_Problems Quote:
If you want the common name show up in the CA rather than 'Zimbra Collaboration Suite' because you have several zimbra servers. Please Note: I probably have unnecessary steps in this section here, but this is what I did to get it working for me. vi /opt/zimbra/conf/zmssl.cnf.in
[change section to appear as below]
0.organizationName = Zimbra
0.organizationName_default = Zimbra
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Zimbra
organizationalUnitName_default = Zimbra
commonName = <put your hostname here -- @@HOSTNAME@@ doesn't seem to work>
commonName_max = 64
commonName_default = <put your hostname here -- @@HOSTNAME@@ doesn't seem to work>
Create the CA certificate (as zimbra)
zmcreateca- (OPTIONAL) If you did the Optional step to make the CN the hostname for the CA, the output should be like the following:
...
Signature ok
subject=/C=US/ST=N/A/L=N/A/O=Zimbra/OU=Zimbra/CN=<your hostname>
Getting Private key
unable to write 'random state'
Install server ca files- After creating the ca, it appears that zmcreateca doesn't copy the new ca.key and ca.pem to /opt/zimbra/conf/ca, so do it manually (as zimbra):
cp /opt/zimbra/ssl/ssl/ca/ca.key /opt/zimbra/conf/ca/ca.key
cp /opt/zimbra/ssl/ssl/ca/ca.pem /opt/zimbra/conf/ca/ca.pem
Create the server certificate (as zimbra)
zmcreatecert
If you wish to have several names on the certificate, supply them as arguments
zmcreatecert mail.mydomain.com webmail.mydomain.com webmail.yourdomain.com
Install the server certificate files (as zimbra)
zmcertinstall mailbox /opt/zimbra/ssl/ssl/server/tomcat.crt
zmcertinstall mta /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/ssl/ssl/server/server.key
| |