Thread: Jetty Cert in 5.0.1

  1. #1
    janderson is offline Active Member

    Jetty Cert in 5.0.1

    Is there a special step I need to deploy a commercial cert to jetty with the new tools in 5.0.1?

    I'm currently trying to deploy our existing commercial cert to a test box. I got the "zmcertmgr deploycrt comm" to work; however, jetty is still using the self-signed cert from install.
    Last edited by janderson; 01-11-2008 at 01:41 PM.

  2. #2
    janderson is offline Active Member

    This is what I ended up doing, not sure if it was the best method, but it did work!

    put my.crt and my.key in the following:

    /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.key
    /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt

    /opt/zimbra/ssl/zimbra/commercial/commercial.key
    /opt/zimbra/ssl/zimbra/commercial/commercial.crt

    put intermediate.cer
    /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_chain.crt

    as root: /opt/zimbra/bin/zmcertmgr deploycrt comm

    Add "jetty" alias to tomcat keystore
    Overwrite /opt/zimbra/jetty/etc/keystore with tomcat keystore

    Edit mailboxd_keystore_password, change password to match tomcat keystore

    Restart services

  3. #3
    ronpoz is offline Junior Member

    Quote: Originally Posted by janderson
    Add "jetty" alias to tomcat keystore
    Overwrite /opt/zimbra/jetty/etc/keystore with tomcat keystore

    What do you mean by this?

    Thanks!

  4. #4
    brian is offline Project Contributor

    5.0.1 supports command line install of the commercial cert.

    Code:
    sudo zmcertmgr deploycrt comm <crt file> <ca chain file>

    This will automatically deploy the cert to the jetty keystore. You may have to manually delete the existing tomcat entry if it's expired.

    Code:
    keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -m nokey mailboxd_keystore_password`
    keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -m nokey mailboxd_keystore_password`
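
Added example, not part of the post above or of Zimbra's tooling: a check for the symptom this thread is about, where `zmcertmgr deploycrt comm` succeeds but the listener still presents the old certificate. It compares the SHA-256 fingerprint of the deployed file with the certificate actually served; it assumes `openssl` is installed, and the host name and port in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed usage:
#   sh check_served_cert.sh /opt/zimbra/ssl/zimbra/commercial/commercial.crt mail.example.com 443
# mail.example.com and 443 are placeholders for your own mailboxd listener.

# SHA-256 fingerprint of the first certificate in a PEM file (empty on error).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Save the leaf certificate presented at HOST:PORT as PEM in OUTFILE.
fetch_served_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3" 2>/dev/null
}

# Compare the certificate you deployed with the one actually presented.
# Returns 0 on match, 1 on mismatch, 2 if either file is not a readable cert.
compare_certs() {
    want=$(cert_fp "$1")
    got=$(cert_fp "$2")
    if [ -z "$want" ] || [ -z "$got" ]; then
        echo "ERROR: could not read a certificate from $1 or $2" >&2
        return 2
    fi
    if [ "$want" = "$got" ]; then
        echo "MATCH $got"
        return 0
    fi
    echo "MISMATCH deployed=$want presented=$got"
    # Subject and expiry of what is really being served, to tell an old
    # installer-generated certificate from a stale commercial one.
    openssl x509 -in "$2" -noout -subject -enddate
    return 1
}

# Run the live check only when called with CERT HOST PORT.
if [ "$#" -eq 3 ]; then
    tmp=$(mktemp) || exit 2
    trap 'rm -f "$tmp"' EXIT
    fetch_served_cert "$2" "$3" "$tmp"
    compare_certs "$1" "$tmp"
fi
```

A MISMATCH after a successful deploy and service restart points at the keystore the listener reads, which is where the `keytool -list` command above comes in.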

  5. #5
    ronpoz is offline Junior Member

    Quote: Originally Posted by brian
    5.0.1 supports command line install of the commercial cert.

    Code:
    sudo zmcertmgr deploycrt comm <crt file> <ca chain file>

    This will automatically deploy the cert to the jetty keystore. You may have to manually delete the existing tomcat entry if it's expired.

    Code:
    keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -m nokey mailboxd_keystore_password`
    keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -m nokey mailboxd_keystore_password`

    Perfect, this fixed my issue!!!

  6. #6
    ronpoz is offline Junior Member

    Thank you!

  7. #7
    janderson is offline Active Member

    Quote: Originally Posted by brian
    5.0.1 supports command line install of the commercial cert.

    Code:
    sudo zmcertmgr deploycrt comm <crt file> <ca chain file>

    This will automatically deploy the cert to the jetty keystore. You may have to manually delete the existing tomcat entry if it's expired.

    Code:
    keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -m nokey mailboxd_keystore_password`
    keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -m nokey mailboxd_keystore_password`

    The deploycert in 5.0.1 deployed to everything but jetty for me, perhaps I should file a bug.
